Maciej Kawka

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side panic is a critical error that causes the application to crash unexpectedly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versions prior to 2025-62503 **Description** A user possessing CREATE privilege but lacking UPDATE privilege for Pools, Connections, and Variables can modify existing records through the bulk create API utilizing the overwrite action. This allows unauthorized modification of data despite insufficient permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.