Dsonbacker

#21962 of 53,624
10.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-35164
6.5
2026-04-25
Colinhacks · Zod · CVE-2026-6991
**Name of the Vulnerable Software and Affected Versions**
colinhacks Zod versions prior to 4.3.7

**Description**
A flaw in the CUID Data Type Handler, specifically within an unknown function in the `packages/zod/src/v4/core/regexes.ts` file, allows for remote SQL injection. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to manipulate or access the database.

**Recommendations**
Update to a version later than 4.3.6.
PT-2025-24440
4.3
2025-06-09
Whistle · Whistle · CVE-2025-5880
**Name of the Vulnerable Software and Affected Versions**
Whistle version 2.9.98

**Description**
A path traversal issue exists in the `/cgi-bin/sessions/get-temp-file` endpoint. The flaw allows for the manipulation of the `filename` argument to access files outside of the intended directory. Approximately 7 devices worldwide are potentially affected.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/cgi-bin/sessions/get-temp-file` endpoint to minimize the risk of exploitation.