
Prav33N-Sec

#18871 of 53,632
14.2 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2026-7327
8.8
2026-02-10
Worklenz · Worklenz · CVE-2026-25947
**Name of the Vulnerable Software and Affected Versions** Worklenz versions prior to 2.1.7

**Description** Worklenz, a project management tool, contains multiple SQL injection flaws in its backend SQL query construction. These flaws affect project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The issue allows for potential unauthorized access and manipulation of data through crafted SQL queries.

**Recommendations** Update to version 2.1.7 or later.

PT-2026-7943
5.4
2026-01-22
WordPress · Freeforum · CVE-2026-26188
**Name of the Vulnerable Software and Affected Versions** Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6

**Description** A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and integrations views. Form labels and integration metadata, controlled by the user, are rendered using `dangerouslySetInnerHTML` without proper sanitization, resulting in stored cross-site scripting (XSS). This allows for the execution of malicious scripts when any administrator views the builder or integration screens.

**Recommendations** Update to version 5.14.7 or later.