Nmaochea

**Name of the Vulnerable Software and Affected Versions** AliasVault App versions through 0.25.3 **Description** A security issue exists in AliasVault App on Android/iOS. The issue is related to the Backup Handler component and affects the shared prefs/aliasvault.xml file. Manipulation of the `accessToken`, `refreshToken`, `metadata`, `key derivation params`, and `auth methods` arguments can lead to unauthorized exposure of backup files. The attack requires local access and is considered complex and difficult to exploit. The tokens stored in aliasvault.xml are API session tokens and do not, on their own, allow decryption of the vault; the master password is still required. **Recommendations** Upgrade to version 0.26.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF versions up to 1.26.1 **Description** An issue exists in Artifex MuPDF up to version 1.26.1 on Windows. The `get system dpi` function within the `platform/x11/win main.c` file is susceptible to an uncontrolled search path manipulation. This requires local access to exploit and is considered to have high complexity with difficult exploitability. **Recommendations** Upgrade to version 1.26.2 to resolve this issue.