Lagongit

Name of the Vulnerable Software and Affected Versions InvoiceShelf versions prior to 2.2.0 Description InvoiceShelf is a web and mobile application used for expense tracking, payments, invoice creation, and estimates. A Server-Side Request Forgery (SSRF) exists in the Estimate PDF generation module in versions prior to 2.2.0. User-supplied HTML within the estimate Notes field is passed without sanitization to the Dompdf rendering library, allowing it to fetch remote resources referenced in the HTML markup. The vulnerability is exploitable through the PDF preview and customer view endpoints. Recommendations Update to version 2.2.0 or later.

Name of the Vulnerable Software and Affected Versions InvoiceShelf versions prior to 2.2.0 Description InvoiceShelf is a web and mobile application used for expense tracking, payments, and invoice/estimate creation. A Server-Side Request Forgery (SSRF) exists in the Payment receipt PDF generation module in versions prior to 2.2.0. User-supplied HTML within the payment Notes field is passed without sanitization to the Dompdf rendering library, allowing it to fetch remote resources referenced in the markup. The vulnerability is exploitable through the PDF receipt endpoint, regardless of email attachment settings. Recommendations Update to version 2.2.0 or later.

Name of the Vulnerable Software and Affected Versions InvoiceShelf versions prior to 2.2.0 Description InvoiceShelf is a web and mobile application for tracking expenses, payments, and creating invoices and estimates. A Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation module in versions prior to 2.2.0. User-supplied HTML within the invoice Notes field is passed without sanitization to the Dompdf rendering library, allowing it to fetch remote resources referenced in the HTML markup. This can be triggered through the PDF preview and email delivery endpoints. Recommendations Update to version 2.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** AnythingLLM versions prior to 1.10.0 **Description** AnythingLLM is an application that converts content into context for use with Large Language Models (LLMs). If configured to use Qdrant as the vector database with an API key, versions prior to 1.10.0 expose the `QdrantApiKey` in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Compromise of the `QdrantApiKey` grants an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM, potentially leading to the leakage of confidential uploaded documents. **Recommendations** Update to version 1.10.0 or later.