Mrdgef

**Name of the Vulnerable Software and Affected Versions** Trilium Notes versions prior to 0.102.2 **Description** A malicious ZIP archive imported with safe import enabled can lead to remote code execution (RCE) and cross-site scripting (XSS). This is achieved through path traversal using the `#docName` label. An attacker combines a payload note (type: code, mime: text/plain) containing raw HTML/JS with a trigger note (type: doc or type: launcher). The trigger note uses `../` path traversal in the `#docName` label to point to the payload note's API endpoint. Because the desktop client Electron renderer runs with `nodeIntegration` enabled, the RCE is triggered upon execution of the payload. **Recommendations** Update to version 0.102.2.

**Name of the Vulnerable Software and Affected Versions** Pangolin versions 1.6.2 and earlier **Description** An authentication bypass exists in Pangolin versions 1.6.2 and before due to an insecure default configuration. This allows attackers to access Pangolin resources. **Recommendations** Update Pangolin to a version later than 1.6.2.

**Name of the Vulnerable Software and Affected Versions** Fossorial fosrl/pangolin versions prior to 1.6.3 **Description** An issue allows a remote attacker to escalate privileges through the two-factor authentication (2FA) component. **Recommendations** Update to a version prior to 1.6.3.

**Name of the Vulnerable Software and Affected Versions** Trilium Notes versions prior to 0.97.0 **Description** Trilium Notes is a cross-platform hierarchical note taking application. A brute-force protection bypass in the initial sync seed retrieval endpoint allows unauthenticated attackers to guess the login password without triggering rate limiting. The application is single-user and does not require a username. The application can be exposed to the internet due to features like multi-factor authentication and note sharing. **Recommendations** Update to version 0.97.0 or later.

**Name of the Vulnerable Software and Affected Versions** spatie/browsershot versions prior to 5.0.5 **Description** The issue is related to improper input validation in the `setHtml` function, which can be bypassed by omitting slashes in the file URI, such as `file:../../../../etc/passwd`. This is due to missing validations of user input that should block file URI schemes, like `file://` and `file:/`, in the HTML content. The `Browsershot::html()` function invokes the vulnerable `setHtml` function. **Recommendations** For spatie/browsershot versions prior to 5.0.5, consider updating to version 5.0.5 or later to resolve the issue. As a temporary workaround, consider validating user input to block file URI schemes in the HTML content to minimize the risk of exploitation. Restrict the use of the `setHtml` function until a patch is applied.