Lime

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 131.0.6778.139 **Description** The issue is related to a use after free vulnerability in the Translate component of Google Chrome, which can be exploited by a remote attacker to potentially impact the confidentiality, integrity, and availability of protected information. This can be achieved via a crafted HTML page, allowing the attacker to exploit heap corruption. **Recommendations** For Google Chrome versions prior to 131.0.6778.139, update to version 131.0.6778.139 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Translate component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Codezips Hospital Appointment System version 1.0 **Description** A critical issue has been found in the processing of the file /editBranchResult.php, where the manipulation of the `ID` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For Codezips Hospital Appointment System version 1.0, consider disabling the /editBranchResult.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** 1000 Projects Bookstore Management System version 1.0 **Description** A critical issue has been found in the 1000 Projects Bookstore Management System, affecting unknown code in the file book detail.php. The manipulation of the `id` argument leads to SQL injection. This issue can be initiated remotely. **Recommendations** For version 1.0, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `book detail.php` file until a patch is available. Avoid using the `id` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Codezips Online Institute Management System versions up to 1.0 **Description** A critical vulnerability was found in the Codezips Online Institute Management System. This issue affects unknown code of the file /profile.php. The manipulation of the `old image` argument leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 1.0, as a temporary workaround, consider disabling the file upload functionality in the /profile.php file until a patch is available. Restrict access to the /profile.php file to minimize the risk of exploitation. Avoid using the `old image` argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.137 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Autofill function, which can be exploited by a remote attacker to potentially corrupt the heap via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 128.0.6613.137, update to version 128.0.6613.137 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 128.0.6613.137 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Media Router component of Google Chrome on Android and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker, potentially allowing them to impact the confidentiality, integrity, and availability of protected information. The exploitation can occur via a crafted HTML page, potentially leading to heap corruption. **Recommendations** For Google Chrome on Android versions prior to 128.0.6613.137, update to version 128.0.6613.137 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 130.0.6723.58 **Description** The issue is related to a use-after-free vulnerability in the user interface of Google Chrome on iOS. This vulnerability can be exploited by a remote attacker who convinces a user to engage in specific UI gestures, potentially allowing the attacker to exploit heap corruption via a crafted HTML page. The estimated severity of this issue is medium. **Recommendations** For Google Chrome versions prior to 130.0.6723.58, update to version 130.0.6723.58 or later to resolve the issue. As a temporary workaround, consider avoiding the use of specific UI gestures that may trigger the vulnerability until a patch is applied. Restrict access to crafted HTML pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 130.0.6723.58 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in ParcelTracking, which can be exploited by a remote attacker who convinces a user to engage in specific UI gestures, potentially leading to heap corruption via a crafted HTML page. This could impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Google Chrome versions prior to 130.0.6723.58, update to version 130.0.6723.58 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.99 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free flaw in the Sharing component, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This may enable the attacker to execute arbitrary code. The severity of this issue is considered high. **Recommendations** For Google Chrome versions prior to 127.0.6533.99, update to version 127.0.6533.99 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 127.0.6533.72 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free in the Downloads component, which can be exploited by a remote attacker to potentially corrupt the heap via a crafted HTML page. This could allow an attacker to execute arbitrary code. The vulnerability is considered high severity. **Recommendations** For Google Chrome versions prior to 127.0.6533.72, update to version 127.0.6533.72 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.182 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Screen Capture function, which can be exploited by a remote attacker using a crafted HTML page. This could potentially lead to heap corruption, allowing the attacker to gain unauthorized access to protected information, execute arbitrary code, or cause a denial of service. The attacker must convince a user to engage in specific UI gestures to exploit the vulnerability. **Recommendations** For Google Chrome versions prior to 126.0.6478.182, update to version 126.0.6478.182 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Screen Capture function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 126.0.6478.182 Microsoft Edge (affected versions not specified) **Description** The issue is related to a use after free vulnerability in the Audio component of Google Chrome and Microsoft Edge browsers. This vulnerability can be exploited by a remote attacker using a specially crafted HTML page, potentially allowing them to access protected information, execute arbitrary code, or cause a denial of service by exploiting heap corruption. **Recommendations** For Google Chrome versions prior to 126.0.6478.182, update to version 126.0.6478.182 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.3 watchOS versions prior to 10.3 tvOS versions prior to 17.3 iOS versions prior to 17.3 iPadOS versions prior to 17.3 **Description** The issue is related to improved memory handling and may allow an app to execute arbitrary code with kernel privileges. This is due to a buffer overflow in the kernel of Mac OS, tvOS, watchOS, iOS, and iPadOS, which can be exploited to elevate privileges, execute arbitrary code, or cause a denial of service. **Recommendations** For macOS Sonoma versions prior to 14.3, update to macOS Sonoma 14.3 or later. For watchOS versions prior to 10.3, update to watchOS 10.3 or later. For tvOS versions prior to 17.3, update to tvOS 17.3 or later. For iOS versions prior to 17.3, update to iOS 17.3 or later. For iPadOS versions prior to 17.3, update to iPadOS 17.3 or later.

**Name of the Vulnerable Software and Affected Versions** Zoo Management System version 1.0 **Description** The issue is related to an arbitrary file upload vulnerability. This vulnerability is located in the picture upload point of the `gallery` file of the `Gallery` module in the background management system. **Recommendations** For Zoo Management System version 1.0, consider restricting access to the `gallery` file in the `Gallery` module to minimize the risk of exploitation. As a temporary workaround, avoid using the picture upload feature in the background management system until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue is related to SQL Injection via the "/pet shop/classes/Master.php?f=delete category,id" endpoint. This allows for potential exploitation. **Recommendations** For Online Pet Shop We App version 1.0, as a temporary workaround, consider restricting access to the "/pet shop/classes/Master.php" endpoint until a patch is available. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue is related to SQL injection via the /pet shop/classes/Master.php endpoint, specifically when the `f` parameter is set to `delete sub category` and the `id` variable is used. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For Online Pet Shop We App version 1.0, consider restricting access to the /pet shop/classes/Master.php endpoint, specifically when the `f` parameter is set to `delete sub category`, to minimize the risk of exploitation. Avoid using the `id` variable in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Online Pet Shop We App version 1.0 **Description** The issue concerns a SQL injection vulnerability. It can be exploited via the /pet shop/classes/Master.php endpoint, specifically through the `f` and `id` parameters. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Online Pet Shop We App version 1.0, consider restricting access to the /pet shop/classes/Master.php endpoint to minimize the risk of exploitation. Avoid using the `f` and `id` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.