Ghosto

**Name of the Vulnerable Software and Affected Versions** robdns version d76d2e6 **Description** The issue is related to a NULL pointer dereference via the `item->tokens` component at `/src/conf-parse.c`. This occurs in robdns commit d76d2e6. **Recommendations** For version d76d2e6, consider applying a patch to fix the NULL pointer dereference issue. As a temporary workaround, consider restricting access to the `/src/conf-parse.c` component until a patch is available. Avoid using the `item->tokens` component in the affected configuration parsing functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Typora version 0.9.65 **Description** A Cross Site Scripting (XSS) issue allows a remote attacker to obtain sensitive information via the PDF file exporting function. **Recommendations** For Typora version 0.9.65, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** waline version 1.6.1 **Description** The issue allows an attacker to submit messages using the `X-Forwarded-For` header to forge any IP address. **Recommendations** For waline version 1.6.1, consider restricting the use of the `X-Forwarded-For` header until a patch is available.