Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
Denial Of Service
NVD
GitHub
CVSS 3.1
8.8
EPSS
0.6%
SnakeYaml Deser Load Malicious xml rce vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization
Apache
Hertzbeat
NVD
CVSS 3.1
8.8
EPSS
4.1%