Maverickfir

**Name of the Vulnerable Software and Affected Versions** xinhu xinhuoa version 2.2.1 **Description** The issue is related to a File upload vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For xinhu xinhuoa version 2.2.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RuoYi versions up to v4.6 **Description** The issue is a SQL injection vulnerability. It can be exploited via the "/system/dept/edit" API endpoint. **Recommendations** For versions up to v4.6, as a temporary workaround, consider restricting access to the "/system/dept/edit" API endpoint until a patch is available.