Lu1U

**Name of the Vulnerable Software and Affected Versions** atlaszz AI Photo Team Galleryit App version 1.3.8.2 **Description** A path traversal weakness exists in the gallery component (`gallery.photogallery.pictures.vault.album`) of the affected software. This manipulation can be initiated locally. The exploit for this issue has been publicly released. The vendor was informed of the issue but did not provide a response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Municorn FAX App version 3.27.0 **Description** A path traversal issue exists in Municorn FAX App 3.27.0 on Android. The issue affects unknown code within the `biz.faxapp.app` component. Local exploitation is possible. The vulnerability has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartbit CommV Smartschool App versions up to 10.4.4 **Description** A flaw exists in Smartbit CommV Smartschool App, potentially allowing path traversal. The issue impacts an unknown function within the `be.smartschool.mobile.SplashActivity` component and requires local access for exploitation. The exploit has been published. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** Update Smartbit CommV Smartschool App to a version newer than 10.4.4.

**Name of the Vulnerable Software and Affected Versions** Jehovahs Witnesses JW Library App versions up to 15.5.1 **Description** A path traversal issue exists in the Jehovahs Witnesses JW Library App on Android, affecting the component `org.jw.jwlibrary.mobile.activity.SiloContainer`. Exploitation of this issue requires local access. The exploit has been publicly disclosed. **Recommendations** Update to a version later than 15.5.1.

**Name of the Vulnerable Software and Affected Versions** Rarlab RAR App versions up to 7.11 Build 127 **Description** A security issue exists in the component `com.rarlab.rar` of Rarlab RAR App on Android. This allows for path traversal, potentially enabling remote attacks. Exploitation is considered highly complex and difficult, but the exploit has been publicly disclosed. The issue specifically affects RAR for Android and does not impact WinRAR or Unix RAR versions. **Recommendations** Upgrade to version 7.20 build 128 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rareprob HD Video Player All Formats App version 12.1.372 **Description** A security issue exists in Rareprob HD Video Player All Formats App version 12.1.372 on Android. The issue involves path traversal within the component `com.rocks.music.videoplayer` due to manipulation of an unknown function. The attack requires local access. The exploit has been publicly disclosed. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.