Ddennedy

**Name of the Vulnerable Software and Affected Versions** Shotcut versions prior to 20.09.13 **Description** The issue arises from the misuse of TLS in the upgrade check due to the setting of `setPeerVerifyMode(QSslSocket::VerifyNone)` in mainwindow.cpp. This could allow a man-in-the-middle attacker to offer a spoofed download resource. **Recommendations** For versions prior to 20.09.13, update to version 20.09.13 or later to resolve the issue. As a temporary workaround, consider restricting network access to trusted sources until the update is applied.