Caishibo

**Name of the Vulnerable Software and Affected Versions** yangzongzhuan RuoYi versions up to 4.8.2 **Description** A security issue exists in yangzongzhuan RuoYi, specifically within the Quartz Job Handler component. The issue involves code injection stemming from manipulation of the `invokeTarget` argument when processing files under the `/monitor/job/` path. This allows for remote execution of code. The exploit for this issue has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** Versions prior to 4.8.2 should be used.

Name of the Vulnerable Software and Affected Versions: code-projects Crud Operation System version 1.0 Description: A critical issue affects some unknown processing of the file savedata.php. The manipulation of the argument `sname` leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: As a temporary workaround, consider disabling the `savedata.php` file until a patch is available. Restrict access to the `sname` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.