Cucumbersalad

**Name of the Vulnerable Software and Affected Versions** DecoCMS Mesh versions up to 1.0.0-alpha.31 **Description** A flaw exists in DecoCMS Mesh due to improper access controls. This issue is related to the manipulation of the `domain` argument within the `createTool` function located in the file `packages/sdk/src/mcp/teams/api.ts` of the Workspace Domain Handler component. The attack can be initiated remotely, but exploitation is considered difficult. **Recommendations** Upgrade to version 1.0.0-alpha.32.

**Nome do Software Vulnerável e Versões Afetadas** deco-cx apps versões até 0.120.1 **Descrição** Existe um problema de segurança no deco-cx apps. A manipulação do argumento `url` dentro da função `AnalyticsScript`, localizada no arquivo `website/loaders/analyticsScript.ts` do componente Parameter Handler, pode resultar em falsificação de solicitação no lado do servidor (SSRF). Este ataque pode ser realizado remotamente. O exploit para este problema foi divulgado publicamente. **Recomendações** Atualize para a versão 0.120.2 para resolver este problema.

**Name of the Vulnerable Software and Affected Versions** TOZED ZLT T10 T10PLUS version 3.04.15 **Description** A flaw exists in TOZED ZLT T10 T10PLUS. Manipulation of an unknown function within the `/reqproc/proc post` file of the Reboot Handler component can lead to a denial of service. Access to the local network is required to exploit this issue. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** TOZED ZLT T10 T10PLUS version 3.04.15: At the moment, there is no information about a newer version that contains a fix for this vulnerability.