Kiyell

**Name of the Vulnerable Software and Affected Versions** Pi-hole versions prior to 6 **Description** The issue allows unauthenticated calls to "admin/api.php?setTempUnit=" to change the temperature units of the web dashboard. The supplier reportedly does not consider this a security issue, but the motivation for allowing arbitrary persons to change the value, which can be seen by the device owner, is unclear. **Recommendations** For versions prior to 6, update to version 6 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/api.php?setTempUnit=" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ProjectSend versions up to r1605 **Description** A vulnerability has been found in ProjectSend, affecting the `get preview` function of the `process.php` file. This issue leads to improper control of resource identifiers and can be initiated remotely. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For ProjectSend versions up to r1605, upgrade to version r1720 to address this issue. As a temporary workaround, consider disabling the `get preview` function of the `process.php` file until the patch is applied. Restrict access to the `process.php` file to minimize the risk of exploitation.