H3Nrrrych4U

#19947 of 53,638
13 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-24055
6.5
2026-03-09
OWASP · OWASP DefectDojo · CVE-2026-3816

**Name of the Vulnerable Software and Affected Versions**
OWASP DefectDojo versions through 2.55.4

**Description**
A security issue has been identified in OWASP DefectDojo related to denial of service. The issue resides in the `input zip.read` function within the `parser.py` file of the `SonarQubeParser/MSDefenderParser` component. This allows for remote exploitation, and the exploit has been publicly disclosed.

**Recommendations**
Upgrade to version 2.56.0 or later.

PT-2026-22042
6.5
2026-02-25
Unknown · Fosrl Pangolin · CVE-2026-3209

**Name of the Vulnerable Software and Affected Versions**
fosrl Pangolin versions up to 1.15.4-s.3

**Description**
A flaw exists in the Role Handler component of fosrl Pangolin. Specifically, the `verifyRoleAccess`/`verifyApiKeyRoleAccess` function is susceptible to manipulation, resulting in improper access controls. Remote exploitation is possible, and the exploit has been publicly disclosed.

**Recommendations**
Upgrade to version 1.15.4-s.4.