Ilyass El Hadi

**Name of the Vulnerable Software and Affected Versions** Apache Tapestry versions 3.x **Description** The issue allows deserialization of untrusted data, leading to remote code execution. This problem is similar to but distinct from an issue affecting the 4.x version line. The affected version line, 3.x, is no longer supported by the maintainer. **Recommendations** For Apache Tapestry versions 3.x, upgrade to a supported version line of Apache Tapestry.

**Name of the Vulnerable Software and Affected Versions** WP Cerber versions prior to 8.9.3 **Description** The issue allows for MFA bypass via manipulation of the `wordpress logged in [hash]`. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wordpress logged in [hash]` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Cerber versions prior to 8.9.3 **Description** The issue allows bypass of `/wp-json` access control via a trailing `?` character. **Recommendations** For versions prior to 8.9.3, update to version 8.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/wp-json` endpoint to minimize the risk of exploitation.