Adam Reiser

**Name of the Vulnerable Software and Affected Versions** TruffleHog version 3.90.2 **Description** An arbitrary code execution issue exists in the git functionality of TruffleHog. A specially crafted repository can trigger this, potentially leading to arbitrary code execution. An attacker can provide a malicious repository to exploit this. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle version 3.10 **Description** A command execution vulnerability exists in the default legacy spellchecker plugin. This issue can be exploited through a specially crafted series of HTTP requests, leading to command execution. An attacker must have administrator privileges to exploit this vulnerability. **Recommendations** For Moodle version 3.10, consider disabling the default legacy spellchecker plugin until a patch is available to prevent command execution. Restrict access to administrator privileges to minimize the risk of exploitation.