
Artem

Rank #16516 of 53,634 · Total CVSS 16.3 · Vulnerabilities: 2 (Medium: 1, Critical: 1)
PT-2017-10889 · CVSS 9.8 · 2017-11-17 · Cygnux · Syspass · CVE-2017-1000192
**Name of the Vulnerable Software and Affected Versions**

Cygnux sysPass versions 2.1.7 and older

**Description**

The issue allows Local File Inclusion through the JavaScript file inclusion functionality, enabling an attacker to read sensitive information such as configuration files containing the database login and password, the private encryption key, and other sensitive data.

**Recommendations**

For Cygnux sysPass versions 2.1.7 and older, update to a version newer than 2.1.7 to resolve the issue.
PT-2017-17865 · CVSS 6.5 · 2017-05-29 · Eclipse · Mosquitto · CVE-2017-7650
**Name of the Vulnerable Software and Affected Versions**

Mosquitto versions prior to 1.4.12

**Description**

The issue allows clients to bypass pattern-based ACLs by setting their username or client ID to '#' or '+'. This enables locally or remotely connected clients to access MQTT topics they do not have rights to. The problem may also be present in third-party authentication/access control plugins for Mosquitto.

**Recommendations**

For Mosquitto versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to MQTT topics and implementing additional authentication measures to minimize the risk of exploitation.