
B1Tbreaker

#16344 of 53,633
16.5 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)
PT-2026-29795
7.5
2026-04-02
Balena · Balena Etcher · CVE-2026-30332
**Name of the Vulnerable Software and Affected Versions** Balena Etcher versions prior to 2.1.4 **Description** A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in Balena Etcher for Windows prior to version 2.1.4. This condition allows attackers to escalate privileges and execute arbitrary code by replacing a legitimate script with a crafted payload during the flashing process. **Recommendations** Update Balena Etcher to version 2.1.4 or later.
PT-2025-39839
9
2025-09-29
Mealie · Mealie · CVE-2025-56795
**Name of the Vulnerable Software and Affected Versions** Mealie versions prior to 3.0.1 **Description** The software is susceptible to Cross-Site Scripting (XSS) within the recipe creation feature. User-provided data in the "note" and "text" fields is not adequately sanitized before being displayed on the frontend, resulting in persistent XSS. The affected API endpoint is `/api/recipes/{recipe name}`, where `recipe name` is a vulnerable parameter. **Recommendations** Update to a version newer than 3.0.1.