Mohin Paramasivam

**Name of the Vulnerable Software and Affected Versions** Sentry version 8.2.0 **Description** Authenticated superusers can execute arbitrary commands with application privileges by injecting malicious pickle-serialized objects. This is achieved by submitting crafted POST requests to the 'admin audit log' endpoint containing base64-encoded compressed pickle payloads within the `data` parameter. Pickle is a Python module used for serializing and deserializing objects, which can lead to code execution if untrusted data is processed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Survey & Poll version 1.5.7.3 **Description** An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the `wp sap` cookie parameter, enabling the extraction of sensitive database information such as usernames, passwords, and other confidential data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.