Aiyakami

**Name of the Vulnerable Software and Affected Versions** WuKongOpenSource WukongCRM version 9.0 **Description** A problematic vulnerability was found in the file AdminSysConfigController.java of the File Upload component. The manipulation of the `File` argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For WuKongOpenSource WukongCRM version 9.0, as a temporary workaround, consider disabling the file upload functionality until a patch is available. Restrict access to the AdminSysConfigController.java file to minimize the risk of exploitation. Avoid using the `File` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jsnjfz WebStack-Guns version 1.0 **Description** A vulnerability was found in the jsnjfz WebStack-Guns software. It has been classified as problematic and affects an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the `File` argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** As a temporary workaround, consider disabling the file upload functionality until a patch is available. Restrict access to the UserMgrController.java file to minimize the risk of exploitation. Avoid using the `File` argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jsnjfz WebStack-Guns version 1.0 **Description** A vulnerability was found in the software, affecting an unknown functionality, which leads to cross-site request forgery. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For jsnjfz WebStack-Guns version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WuKongOpenSource WukongCRM version 9.0 **Description** A vulnerability was found in WuKongOpenSource WukongCRM, affecting an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For WuKongOpenSource WukongCRM version 9.0, as a temporary workaround, consider disabling the functionality related to the /system/user/updataPassword file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TechPowerUp GPU-Z version 2.23.0 **Description** A problematic issue was found in the function `sub 140001880` within the `GPU-Z.sys` library, affecting the `0x8000645C` IOCTL Handler component. This issue leads to a memory leak. The attack can be launched locally. **Recommendations** For version 2.23.0, as a temporary workaround, consider disabling the `sub 140001880` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Projectworlds Life Insurance Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /deleteAgent.php, where the manipulation of the `agent id` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For Projectworlds Life Insurance Management System version 1.0, as a temporary workaround, consider restricting access to the /deleteAgent.php file until a patch is available. Avoid using the `agent id` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.