Ky0Tofu

**Name of the Vulnerable Software and Affected Versions** Sonatype Nexus Repository versions 3.6.0 through 3.91.0 **Description** An authenticated user with upload permissions to a hosted repository can store content that triggers arbitrary JavaScript execution in the browser of any user viewing that repository directory through the HTML index page. This allows an attacker to perform actions within the context of the victim's session. **Recommendations** Update to version 3.92.0 or later.

**Name of the Vulnerable Software and Affected Versions** systemd versions 258 through 259 **Description** A local unprivileged user can trigger an assert when a unit with `Delegate=yes` and `User=<unset>` is running. **Recommendations** Update to version 260.

**Name of the Vulnerable Software and Affected Versions** Shopire theme for WordPress versions prior to 1.0.58 **Description** The Shopire theme for WordPress has an issue where data can be modified without authorization. This is due to a missing capability check within the `shopire admin install plugin()` function. Attackers with Subscriber-level access or higher can install the 'fable-extra' plugin. **Recommendations** Update the Shopire theme to version 1.0.58 or later.