Wazuh · Wazuh · CVE-2024-47770
Name of the Vulnerable Software and Affected Versions:
Wazuh versions prior to 4.9.1
Description:
This issue stems from weak privilege access control, which allows an attacker to perform privilege escalation. As a result, an attacker can view the agent list on the Wazuh dashboard without having the privileges required for that access. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations:
For versions prior to 4.9.1, upgrade to version 4.9.1 to resolve the issue. There are no known workarounds that resolve this vulnerability; as a temporary measure until the upgrade is applied, consider restricting access to the Wazuh dashboard to minimize the risk of exploitation.