
Marcin Nowak

Rank: #22148 of 53,632
Total CVSS: 10.3
Vulnerabilities: 2
Medium: 2
PT-2025-52047 · CVSS 5.8 · 2025-12-18
Mkscripts · Mkscripts · CVE-2025-54743
**Name of the Vulnerable Software and Affected Versions** mkscripts Download After Email versions through 2.1.6

**Description** The software contains a missing authorization issue in the download-after-email functionality. This allows exploitation due to incorrectly configured access control security levels.

**Recommendations** Versions prior to 2.1.6 should be updated.

PT-2025-20286 · CVSS 4.5 · 2025-05-07
Unknown · Dropbear SSH · CVE-2025-47203
**Name of the Vulnerable Software and Affected Versions** Dropbear SSH versions prior to 2025.88

**Description** The issue allows command injection via an untrusted hostname argument, because a shell is used. This occurs when `dbclient` in Dropbear SSH is used with an untrusted hostname.

**Recommendations** For versions prior to 2025.88, update to version 2025.88 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing all hostname arguments to prevent command injection. Restrict access to `dbclient` until the issue is resolved.