Elias Hohl

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 135.0.7049.95 Microsoft Edge (Chromium-based) versions (affected versions not specified) **Description** A heap buffer overflow in Codecs in Google Chrome on Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The issue is rated as Critical. **Recommendations** For Google Chrome versions prior to 135.0.7049.95, update to version 135.0.7049.95 or later to resolve the issue. For Microsoft Edge (Chromium-based), apply the relevant security update from Microsoft to address the vulnerability. As a temporary workaround, consider restricting access to potentially vulnerable Codecs functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** patrickfuller camp versions up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 **Description** The issue concerns Incorrect Access Control. Access to the `password.txt` file is not properly restricted as it is in the root directory served by `StaticFileHandler`. The Tornado rule to throw a 403 error when `password.txt` is accessed can be bypassed. Furthermore, it is not necessary to crack the `password` hash to authenticate with the application because the `password` hash is also used as the `cookie` secret, so an attacker can generate his own authentication `cookie`. **Recommendations** For versions up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767, consider restricting access to the `password.txt` file to minimize the risk of exploitation. As a temporary workaround, consider disabling the `StaticFileHandler` for the root directory until a proper fix is applied. Additionally, avoid using the `password` hash as the `cookie` secret to prevent unauthorized authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Translate Multilingual sites WordPress plugin versions prior to 2.3.3 **Description** The issue allows for an authenticated SQL injection. This can be achieved by adding a new language via the settings page, containing specific special characters, which can surpass the backticks in the SQL query and allow a time-based blind payload to be injected. **Recommendations** For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation. Avoid using special characters when adding new languages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NEX-Forms WordPress plugin versions prior to 7.9.7 **Description** The issue arises from the plugin's failure to properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. This can be exploited by anyone permitted to view the forms statistics chart, which by default includes administrators, although permissions can be configured otherwise via the plugin settings. **Recommendations** For versions prior to 7.9.7, update to version 7.9.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVFLARE versions prior to 2.1.4 **Description** The issue concerns deserialization of untrusted data due to Pickle usage, which may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and impact both Confidentiality and Integrity. **Recommendations** For versions prior to 2.1.4, update to version 2.1.4, which uses MessagePack instead of Pickle for serialization and deserialization. Note that some object serializations supported by Pickle are not supported by MessagePack, so users may need to convert objects to numpy or bytes before sending them to remote machines. Refer to the list of supported object types for more information.