Blankshiro

**Name of the Vulnerable Software and Affected Versions** ADB Explorer versions 0.9.26020 and below **Description** ADB Explorer, a fluent UI for ADB on Windows, contains a flaw due to an unvalidated command-line argument. This allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. The application accepts a path argument to set a custom data directory, but only verifies its existence. The `ClearDrag()` method uses `Directory.Delete(dir, true)` on every subdirectory of the provided path during application startup and exit. An attacker can create a malicious shortcut or batch script that launches ADB Explorer with a critical directory as the argument, resulting in permanent, recursive deletion of all its subdirectories. This deletion bypasses the Recycle Bin. **Recommendations** Update to version 0.9.26021 or later.

**Name of the Vulnerable Software and Affected Versions** ADB Explorer versions prior to Beta 0.9.26020 **Description** ADB Explorer, a fluent UI for ADB on Windows, contains a flaw due to Insecure Deserialization, potentially leading to Remote Code Execution. The application deserializes the `App.txt` settings file using Newtonsoft.Json with `TypeNameHandling` set to `Objects`. An attacker can provide a specially crafted JSON file containing a gadget chain, such as `ObjectDataProvider`, to execute arbitrary code when the application launches and saves its settings. **Recommendations** Update to Beta 0.9.26020 or later.

**Name of the Vulnerable Software and Affected Versions** PowerDocu versions prior to 2.4.0 **Description** PowerDocu, a Windows GUI executable for technical documentation, has a security issue in its JSON parsing process within Flow or App packages. The application incorrectly trusts the ` $type` property in JSON files, which allows an attacker to create and run arbitrary .NET objects, leading to potential code execution. **Recommendations** Update to version 2.4.0 or later.