Mhzcyber

**Name of the Vulnerable Software and Affected Versions** Bagisto versions prior to 2.3.10 **Description** Bagisto, an open source Laravel eCommerce platform, has an issue where API routes remain active even after the initial installation is complete. The API endpoints (`/install/api/*`) are directly accessible and exploitable without authentication. This allows an unauthenticated attacker to bypass the installer and create admin accounts, modify application configurations, and potentially overwrite existing data. **Recommendations** Update to version 2.3.10 or later.

**Name of the Vulnerable Software and Affected Versions** libgepub (affected versions not specified) **Description** A flaw in libgepub causes the software to mishandle file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This results in the application crashing. The issue may affect applications that use libgepub to parse user-supplied EPUB content, potentially leading to a denial of service. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.