Elysee Franchuk

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 147 **Description** A denial-of-service issue exists in the DOM: Service Workers component. **Recommendations** Update Firefox to version 147 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 8.5.60 through 8.5.100 Apache Tomcat versions 9.0.40 through 9.0.108 Apache Tomcat versions 10.1.0-M1 through 10.1.44 Apache Tomcat versions 11.0.0-M1 through 11.0.10 **Description** Tomcat did not properly handle ANSI escape sequences within log messages. When running on a Windows console that supports these sequences, an attacker could potentially inject specially crafted ANSI escape sequences via a URL. This could allow manipulation of the console and clipboard, potentially tricking an administrator into executing attacker-controlled commands. While a specific attack vector was not identified, the possibility of exploitation on other operating systems was noted. The issue involves improper neutralization of escape, meta, or control sequences. **Recommendations** Upgrade to Apache Tomcat version 11.0.11 or later. Upgrade to Apache Tomcat version 10.1.45 or later. Upgrade to Apache Tomcat version 9.0.109 or later.

Name of the Vulnerable Software and Affected Versions: TP-Link KP303 Smartplug versions prior to 1.1.0 Description: The TP-Link KP303 Smartplug is susceptible to unauthenticated protocol commands that can lead to an unintended power-off condition and potential information leak. Recommendations: Update the TP-Link KP303 Smartplug to version 1.1.0 or later.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue is related to improper access controls, allowing backend users to overwrite their username even when it is disallowed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.