Alperen Keski̇n

**Name of the Vulnerable Software and Affected Versions** Apinizer versions 2026.04.0 through 2026.04.5 **Description** Improper neutralization of special elements used in an expression language statement leads to an expression language injection, which allows for code injection. **Recommendations** Update to version 2026.04.6.

**Name of the Vulnerable Software and Affected Versions** DivvyDrive versions 4.8.2.9 through 4.8.3.1 **Description** DivvyDrive contains a stored cross-site scripting (XSS) flaw, which occurs when the application fails to properly neutralize input during the generation of web pages. This allows an attacker to store malicious scripts on the server that are later executed in the browsers of other users. **Recommendations** Update to version 4.8.3.2.

**Name of the Vulnerable Software and Affected Versions** DivvyDrive versions 4.8.2.9 through 4.8.3.1 **Description** DivvyDrive contains an issue where script-related HTML tags are not properly neutralized in a web page, allowing for Cross-Site Scripting (XSS), which occurs when an application includes untrusted data in a web page without proper validation or escaping. **Recommendations** Update to version 4.8.3.2.

**Name of the Vulnerable Software and Affected Versions** DivvyDrive versions 4.8.2.9 through 4.8.3.1 **Description** DivvyDrive allows parameter injection, which leads to an open redirect. This occurs when the application redirects users to an untrusted site via a manipulated parameter. **Recommendations** Update to version 4.8.3.2.