Zgbsm

**Nome do Software Vulnerável e Versões Afetadas** Versões do 1Panel-dev MaxKB até 2.0.2 e 2.1.0 **Descrição** Existe uma vulnerabilidade no 1Panel-dev MaxKB devido ao processamento inadequado de arquivos. Especificamente, o arquivo `/admin/api/workspace/default/tool/debug` é suscetível à manipulação do argumento `code`, resultando em desserialização. Este problema pode ser explorado remotamente. O exploit foi divulgado publicamente. **Recomendações** Atualize para a versão 2.1.1 para corrigir o problema.

**Name of the Vulnerable Software and Affected Versions** rmountjoy92 DashMachine versions 0.5-4 **Description** A problematic issue was found in the Config Handler component, specifically in the /settings/save config file. The manipulation of the `value template` argument leads to code injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions 0.5-4, consider restricting access to the Config Handler component, specifically the /settings/save config file, to minimize the risk of exploitation. As a temporary workaround, avoid using the `value template` argument in the affected functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** rmountjoy92 DashMachine versions 0.5 through 4 **Description** A critical issue has been found in the software, affecting some unknown functionality of the file /settings/delete file. The manipulation of the argument `file` leads to path traversal, allowing access to files outside the intended directory, such as '../filedir'. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions 0.5 through 4, consider restricting access to the /settings/delete file functionality until a patch is available. As a temporary workaround, avoid using the `file` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** linkding version 1.23.0 **Description** A vulnerability has been found in linkding, where the manipulation of the argument `q` leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted and responded professionally, releasing a fixed version of the product. **Recommendations** For linkding version 1.23.0, upgrade to version 1.23.1 to address this issue. As a temporary workaround, consider restricting the use of the argument `q` until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Lissy93 Dashy version 2.1.1 **Description** A critical vulnerability has been found in Lissy93 Dashy, affecting an unknown part of the file `/config-manager/save` of the component Configuration Handler. The manipulation of the argument `config` leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/config-manager/save` endpoint until a patch is available. Avoid using the argument `config` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.