Jason Woods

**Name of the Vulnerable Software and Affected Versions** GrapesJS (affected versions not specified) **Description** The GrapesJS Builder allows the upload of arbitrary files due to a lack of file type restrictions. If the media folder is not configured to prevent file execution, this could lead to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mautic (affected versions not specified) **Description** A user with limited privileges can bypass restrictions related to Composer and install or remove packages. This can occur even if the platform's update settings have Composer-based updates disabled. This allows a low-privileged user to potentially install malicious code and escalate their privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.