Jack Moran

**Name of the Vulnerable Software and Affected Versions** Adguard Home versions prior to 0.107.52 **Description** An arbitrary file read issue allows authenticated attackers to access arbitrary files as root on the underlying Operating System by placing a crafted file into a readable directory. This poses a serious security risk, enabling attackers to read sensitive files on systems running Adguard Home. **Recommendations** For versions prior to 0.107.52, update to version 0.107.52 or later to resolve the issue. As a temporary workaround, consider restricting access to readable directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Emby Media Server version 4.8.3.0 **Description** A Stored Cross Site Scripting issue allows a remote attacker to escalate privileges via the notifications.html component. **Recommendations** For Emby Media Server version 4.8.3.0, consider disabling access to the notifications.html component until a patch is available to prevent privilege escalation.

**Name of the Vulnerable Software and Affected Versions** FarCry Core framework versions prior to 7.2.14 **Description** The issue allows attackers to access sensitive information in the "/facade" directory. **Recommendations** For versions prior to 7.2.14, update to version 7.2.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FarCry Core framework versions prior to 7.2.14 **Description** The issue allows attackers to execute arbitrary code via uploading a crafted .cfm file to the /fileupload/upload.cfm endpoint. **Recommendations** For versions prior to 7.2.14, update to version 7.2.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the /fileupload/upload.cfm endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Precisely Spectrum Spatial Analyst version 20.01 **Description** The issue is related to Server-Side Request Forgery (SSRF), which is a type of attack where an attacker can trick a server into making requests to internal or external resources. This can potentially lead to unauthorized access to sensitive data or systems. **Recommendations** For Precisely Spectrum Spatial Analyst version 20.01, as a temporary workaround, consider restricting access to sensitive resources and internal networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Precisely Spectrum Spatial Analyst version 20.01 **Description** The issue is related to Directory Traversal. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Precisely Spectrum Spatial Analyst version 20.01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASP.NET and Visual Studio (affected versions not specified) **Description** The issue is caused by synchronization errors when using a shared resource in the .NET platform and Microsoft Visual Studio. This can allow a remote attacker to bypass existing security restrictions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.