Esjay

**Name of the Vulnerable Software and Affected Versions** SEW-EURODRIVE MOVITOOLS MotionStudio (affected versions not specified) **Description** The issue arises when SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information, leading to unrestricted file access. This can result in information disclosure due to XML External Entity Processing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vinchin Backup and Recovery version 6.5.0.17561 **Description** This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the configuration of the MySQL server, which uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. **Recommendations** For Vinchin Backup and Recovery version 6.5.0.17561, consider changing the hard-coded password for the administrator user in the MySQL server configuration as a temporary workaround until a patch is available. Restrict access to the MySQL server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.