J0O1Ey

**Name of the Vulnerable Software and Affected Versions** Redis (affected versions not specified) **Description** A critical vulnerability was found in a port or fork of Redis, affecting the dbghelp.dll library. The issue is related to an uncontrolled search path, which can be exploited remotely. The exploit has been disclosed, but the existence of this vulnerability is still disputed. This issue might affect an unofficial fork or port on Windows only. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jiusi OA (affected versions not specified) **Description** A critical vulnerability was found in Jiusi OA, affecting an unknown functionality of the file /jsoa/hntdCustomDesktopActionContent. The manipulation of the `inforid` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jeecg-boot (affected versions not specified) **Description** A critical issue has been found in jeecg-boot, affecting unknown code of the file "/api/". The manipulation of the `file` argument leads to unrestricted upload. The attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zfaka versions prior to 1.4.6 **Description** A security issue was discovered in the background file upload function, where the verification check is not strict enough. This weakness can lead to remote command execution. **Recommendations** For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZFAKA versions 1.43 and earlier **Description** A SQL injection issue exists, allowing an attacker to perform SQL injection in the foreground and add a background administrator account. **Recommendations** For ZFAKA versions 1.43 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.