Nepxion Discovery is a solution for Spring Cloud. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SSRF
Information Disclosure
Java
Discovery
NVD
GitHub
CVSS 3.1
7.5
EPSS
0.6%
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Jwt Attack
Node.js
Secp256K1 Js
NVD
GitHub
CVSS 3.1
7.5
EPSS
0.5%