Furkan Kayapinar

**Name of the Vulnerable Software and Affected Versions** Kron Tech Single Connect version 2.16 **Description** The issue is related to Improper Input Validation and Authorization Bypass Through User-Controlled Key, allowing Privilege Abuse in Kron Tech Single Connect on Windows. **Recommendations** For version 2.16, consider restricting access to sensitive features until a patch is available, and ensure proper input validation to prevent unauthorized access. As a temporary workaround, consider disabling any user-controlled key functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sar2html versions 3.2.2 and prior **Description** An OS command injection vulnerability exists due to insufficient input validation when processing the `plot` parameter in the `index.php` file. Remote, unauthenticated attackers can inject shell commands by appending them to the `plot` parameter in a crafted GET request (e.g., `?plot=;id`). The output of the command is displayed in the application's interface after interacting with the host selection UI, leading to arbitrary command execution on the underlying system. **Recommendations** sar2html versions prior to 3.2.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.