Millad7

**Name of the Vulnerable Software and Affected Versions** SOGo Webmail versions through 5.6.0 **Description** An Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server does not verify if the authenticated user is authorized to use the specified sender identity, leading to unauthorized message delivery. This can result in impersonation, phishing, or unauthorized communication. **Recommendations** Update SOGo Webmail to a version newer than 5.6.0.

**Name of the Vulnerable Software and Affected Versions** Axelor version 5.2.4 **Description** A Boolean-based SQL injection issue exists in Axelor version 5.2.4 through the ` domain` parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially leading to data exposure or further exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flask-AppBuilder versions prior to 4.5.3 **Description** The issue allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 to resolve the issue.