The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
RCE
Exotel
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.2%
A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
SQLi
Simple Task Managing System
NVD
VulDB
CVSS 3.1
9.8
EPSS
0.5%