Alessio Dalla Piazza

**Name of the Vulnerable Software and Affected Versions** Upsonic (affected versions not specified) **Description** A remote code execution issue exists in Upsonic due to deserialization of untrusted data. This allows for unauthenticated exploitation, potentially impacting systems that rely on the component. The issue has a CVSS score of 9.8. The vulnerability was discovered using AI-powered techniques, raising concerns about the increasing accessibility of automated vulnerability research. The vulnerability could be exploited to target APIs, authentication flows, and business logic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server Network Deployment versions 8.5 through 9.0 Description: The issue allows a remote authenticated attacker to traverse directories by sending a specially-crafted URL request containing `dot dot` sequences (`/../`) to read and delete arbitrary files on the system. Recommendations: For IBM WebSphere Application Server Network Deployment versions 8.5 through 9.0, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, consider implementing additional validation and sanitization of URL requests to prevent directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.