Febou92

**Name of the Vulnerable Software and Affected Versions** Roo Code versions prior to 3.26.0 **Description** Roo Code is an AI-powered autonomous coding agent. A weakness exists in the command parsing logic due to incorrect handling of Bash parameter expansion and indirect reference. If the agent was configured to auto-approve command execution, an attacker influencing prompts could execute arbitrary commands alongside intended ones. **Recommendations** Update to Roo Code version 3.26.0 or later.

**Name of the Vulnerable Software and Affected Versions** Joplin (affected versions not specified) **Description** The issue arises from Joplin's failure to consider that "<" followed by a non-letter character will not be considered HTML. This oversight allows for a potential XSS attack by injecting an "illegal" tag within a tag. The vulnerability is related to the application's handling of HTML tags and characters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.