Harry Ha

**Name of the Vulnerable Software and Affected Versions** Niushop B2B2C V5 (affected versions not specified) **Description** The issue allows attackers to run arbitrary SQL commands via `latitude` and `longitude` parameters in the `/app/api/controller/Store.php` endpoint. This enables potential exploitation for malicious purposes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Anyscale Ray versions 2.6.3 through 2.8.0 **Description** The issue allows for a Server-Side Request Forgery (SSRF) attack via the /log proxy endpoint. The vendor considers this report irrelevant, stating that Anyscale Ray is not intended for use outside a strictly controlled network environment. **Recommendations** For versions 2.6.3 through 2.8.0, consider restricting access to the /log proxy endpoint to minimize the risk of SSRF exploitation.