Bakabaka

**Name of the Vulnerable Software and Affected Versions** bird-lg-go versions prior to commit 6187a4e **Description** A flaw exists in the traceroute module of bird-lg-go that allows for argument injection. The `shlex.Split` function is used to process user-supplied input without proper validation. This allows attackers to inject arbitrary flags, such as `-w` and `-q`, through the `q` parameter. Successful exploitation can lead to a Denial of Service (DoS) by consuming system resources. The vulnerable parameter is `q`. **Recommendations** Update bird-lg-go to commit 6187a4e or a later version.

**Name of the Vulnerable Software and Affected Versions** Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9 **Description** The issue allows local attackers to execute arbitrary code and gain sensitive information due to a Directory Traversal vulnerability. **Recommendations** For Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.