M3X1

**Name of the Vulnerable Software and Affected Versions** router-for-me CLIProxyAPI version 6.9.29 **Description** An issue exists in the API Interface component within the file internal/api/handlers/management/api tools.go. Manipulation of the `url` argument allows for server-side request forgery (SSRF), a flaw where an attacker can induce the server to make requests to an unintended location. This can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TaleLin Lin-CMS versions up to 0.6.0 **Description** A security issue exists in TaleLin Lin-CMS. The issue involves the manipulation of the `username`/`password` arguments, potentially leading to exposure of passwords within the configuration file located at '/tests/config.py' in the Tests Folder component. The attack can be carried out remotely, but requires a high level of complexity and is considered difficult to exploit. The exploit has been publicly disclosed. **Recommendations** Versions prior to 0.6.0 should be updated.