Cucumbersalad

**Name of the Vulnerable Software and Affected Versions** DecoCMS Mesh versions up to 1.0.0-alpha.31 **Description** A flaw exists in DecoCMS Mesh due to improper access controls. This issue is related to the manipulation of the `domain` argument within the `createTool` function located in the file `packages/sdk/src/mcp/teams/api.ts` of the Workspace Domain Handler component. The attack can be initiated remotely, but exploitation is considered difficult. **Recommendations** Upgrade to version 1.0.0-alpha.32.

**Name of the Vulnerable Software and Affected Versions** deco-cx apps versions up to 0.120.1 **Description** A security issue exists in deco-cx apps. Manipulation of the `url` argument within the `AnalyticsScript` function, located in the `website/loaders/analyticsScript.ts` file of the Parameter Handler component, can lead to server-side request forgery. This attack can be carried out remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Upgrade to version 0.120.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** TOZED ZLT T10 T10PLUS version 3.04.15 **Description** A flaw exists in TOZED ZLT T10 T10PLUS. Manipulation of an unknown function within the `/reqproc/proc post` file of the Reboot Handler component can lead to a denial of service. Access to the local network is required to exploit this issue. The exploit is publicly available. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** TOZED ZLT T10 T10PLUS version 3.04.15: At the moment, there is no information about a newer version that contains a fix for this vulnerability.