David Bors

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** A use after free issue in Chromoting allows a remote attacker to execute arbitrary code through malicious network traffic. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 149.0.7827.53.

**Name of the Vulnerable Software and Affected Versions** DreamFactory (affected versions not specified) **Description** A flaw exists in the implementation of the `saveZipFile` method that could allow remote attackers to execute arbitrary code on affected DreamFactory installations. Authentication is required for exploitation. The issue stems from insufficient validation of user-supplied input before it is used in a system call, potentially allowing an attacker to execute code with the privileges of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** trenoncourt AutoQueryable version 1.7.0 **Description** An issue in trenoncourt AutoQueryable allows a remote attacker to obtain sensitive information via the `Unselectable` function. **Recommendations** For trenoncourt AutoQueryable version 1.7.0, consider disabling the `Unselectable` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.