Edoardottt

**Name of the Vulnerable Software and Affected Versions** mem0ai mem0 versions prior to 1.0.12 **Description** An unsafe deserialization issue exists in the `pickle.load()` and `pickle.dump()` functions within the `mem0/vector stores/faiss.py` file. This allows a remote attacker to perform a manipulation that results in deserialization, which is the process of converting a byte stream back into an object. **Recommendations** Apply patch 62dca096f9236010ca15fea9ba369ba740b86b7a to resolve the issue. As a temporary workaround, restrict the use of the `pickle.load()` and `pickle.dump()` functions in the `mem0/vector stores/faiss.py` file.

**Name of the Vulnerable Software and Affected Versions** SimpleJWT versions prior to 1.1.1 **Description** A flaw exists in SimpleJWT that allows an unauthenticated attacker to cause a denial of service through manipulation of the JWE header when PBES2 algorithms are used. Specifically, the vulnerability stems from a lack of input validation on the iteration count (`p2c` parameter) within the PBES2 algorithm. An attacker can supply a very large value for the `p2c` parameter, leading to excessive CPU consumption during key derivation via the `hash pbkdf2()` function. This can exhaust server resources and render the application unavailable. The vulnerable code resides in the `decryptKey()` and `generateKeyFromPassword()` functions of the `PBES2.php` file. The attack can be triggered even with an invalid JWE, as authentication is not required before processing the header. A proof of concept demonstrates the ability to shut down a PHP development server by sending a crafted JWE with a high `p2c` value. **Recommendations** Update to SimpleJWT version 1.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** datapizza-labs datapizza-ai version 0.0.2 **Description** A flaw exists in the `RedisCache` function within the `datapizza-ai-cache/redis/datapizza/cache/redis/cache.py` file of datapizza-ai. This issue allows for deserialization, and exploitation requires local network access. The complexity of exploitation is considered high, and it is described as difficult. The details of the exploit have been publicly disclosed. The vendor was informed of the issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** datapizza-labs datapizza-ai version 0.0.2 **Description** A flaw exists in the Jinja2 Template Handler component of datapizza-ai. Specifically, the `ChatPromptTemplate` function within the `datapizza-ai-core/datapizza/modules/prompt/prompt.py` file is susceptible to improper neutralization of special elements used in a template engine due to manipulation of the `Prompt` argument. This allows for remote exploitation. The exploit has been published. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.50.34 **Description** A Stored Cross Site Scripting issue exists in changedetection.io’s Watch update API due to inadequate security checks. An attacker can insert a new watch with a URL pointing to a web page, then modify the URL to include a JavaScript payload. Alternatively, an attacker can replace the URL in an existing watch with a JavaScript payload. When a user previews the malicious link, the JavaScript code is executed. This impacts the application's ability to securely handle user-provided URLs. **Recommendations** Update to version 0.50.34 or later.

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.14.0+dev and prior Description: Gogs is an open source self-hosted Git service. The issue is a stored cross-site scripting (XSS) vulnerability, which allows client-side Javascript code execution. This is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20, located in public/plugins/. Recommendations: For versions 0.14.0+dev and prior, update to version 0.13.3 or later to resolve the issue. As a temporary workaround, consider disabling the pdfjs-1.4.20 component under public/plugins/ until a patch is available.

**Name of the Vulnerable Software and Affected Versions** changedetection.io version 0.45.20 **Description** The issue is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without restriction and could use a reverse shell. The impact is critical as the attacker can completely take over the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application. **Recommendations** For version 0.45.20, consider protecting changedetection access with a login page and password to reduce the risk of exploitation. As a temporary workaround, restrict access to the vulnerable Jinja2 template engine until a patch is available. Avoid using the `notification body` and `notification title` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TotalJS messenger (affected versions not specified) **Description** A stored cross-site scripting (XSS) vulnerability in TotalJS messenger allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TotalJS Flow version 10 **Description** A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `platform name` field in the `settings module`. This issue enables attackers to inject malicious code, potentially leading to unauthorized access or control of the affected system. **Recommendations** For TotalJS Flow version 10, consider disabling the settings module or restricting access to it until a patch is available. Avoid using the `platform name` field in the settings module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TotalJS messenger version b6cf1c9 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `channel description field`. This enables attackers to potentially manipulate the web application's behavior. **Recommendations** For version b6cf1c9, as a temporary workaround, consider restricting user input in the `channel description field` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TotalJS messenger version b6cf1c9 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `user information field`. This enables attackers to potentially steal user data or take control of user sessions. **Recommendations** For version b6cf1c9, as a temporary workaround, consider validating and sanitizing user input in the `user information field` to prevent malicious payloads from being injected. Restrict access to sensitive features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TotalJS OpenPlatform version b80b09d **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `platform name` field. **Recommendations** For version b80b09d, consider restricting the input allowed in the `platform name` field to prevent the injection of malicious scripts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TotalJS OpenPlatform version b80b09d **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `account name` field. This enables the execution of malicious code on the platform. **Recommendations** For version b80b09d, consider validating and sanitizing user input in the `account name` field to prevent the injection of malicious payloads. As a temporary workaround, restrict access to the account name field until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** Changedetection.io versions prior to 0.40.1.1 **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability in the main page of Changedetection.io. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `URL` parameter under the "Add a new change detection watch" function. **Recommendations** For versions prior to 0.40.1.1, update to version 0.40.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Add a new change detection watch" function to minimize the risk of exploitation. Avoid using the `URL` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Total.js versions prior to 0e5ace7 **Description** The issue allows remote command execution via shell metacharacters in the `host` parameter of the "/api/common/ping" API endpoint. **Recommendations** For versions prior to 0e5ace7, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the "/api/common/ping" API endpoint to minimize the risk of exploitation. Avoid using shell metacharacters in the `host` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TotalJS version 8c2c8909 **Description** A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Website name` text field under `Main Settings`. **Recommendations** For version 8c2c8909, consider restricting access to the `Main Settings` section until a patch is available, and avoid using the `Website name` text field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.