Cinzinga

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.216 **Description** A use after free issue in the Network component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs when an application continues to use a pointer after it has been freed, which can lead to memory corruption. **Recommendations** Update to version 148.0.7778.216 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A heap buffer overflow in ANGLE within Google Chrome on Mac could allow a remote attacker to execute arbitrary code within a sandbox through a specially crafted HTML page. Exploitation involves crafted WebGL/graphics content that can corrupt memory in ANGLE, potentially escalating renderer compromises. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.159 **Description** An integer overflow in ANGLE, a low-level graphics library, within Google Chrome could allow a remote attacker to potentially perform out of bounds memory access. This issue is triggered by a crafted HTML page. **Recommendations** Update Google Chrome to version 145.0.7632.159 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.71 **Description** An integer overflow issue exists in the WebML component of Google Chrome. A remote attacker could potentially exploit heap corruption by using a specially crafted HTML page. The security severity of this issue is rated as High by Chromium. **Recommendations** Update Google Chrome to version 146.0.7680.71 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.116 **Description** A flaw exists in Google Chrome's Tint component on Mac operating systems. This issue allows a remote attacker to perform out of bounds memory access through a specially crafted HTML page. The security severity is rated as High. **Recommendations** Update Google Chrome to version 145.0.7632.116 or later.

**Name of the Vulnerable Software and Affected Versions** openSIS Community Edition version 7.3 **Description** The issue allows for SQL injection via the `USERNAME` parameter of the "index.php" endpoint. **Recommendations** For openSIS Community Edition version 7.3, avoid using the `USERNAME` parameter in the index.php endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Dairy Farm Shop Management System version 1.0 **Description** The issue allows for XSS attacks, as demonstrated by the `category` and `CategoryCode` parameters in "add-category.php", the `CompanyName` parameter in "add-company.php", and the `ProductName` parameter in "add-product.php". **Recommendations** For PHPGurukul Dairy Farm Shop Management System version 1.0, consider validating and sanitizing user input for the `category`, `CategoryCode`, `CompanyName`, and `ProductName` parameters to prevent XSS attacks. As a temporary workaround, restrict access to the "add-category.php", "add-company.php", and "add-product.php" pages until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Dairy Farm Shop Management System version 1.0 **Description** The issue affects the PHPGurukul Dairy Farm Shop Management System, where SQL injection is possible. This is demonstrated through various parameters in different PHP files, including the `username` parameter in "index.php", the `category` and `CategoryCode` parameters in "add-category.php", the `CompanyName` parameter in "add-company.php", and the `ProductName` and `ProductPrice` parameters in "add-product.php". **Recommendations** For PHPGurukul Dairy Farm Shop Management System version 1.0, consider restricting access to the vulnerable parameters `username`, `category`, `CategoryCode`, `CompanyName`, `ProductName`, and `ProductPrice` in their respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints, such as those in "index.php", "add-category.php", "add-company.php", and "add-product.php". At the moment, there is no information about a newer version that contains a fix for this issue.