Nathaniel Oh

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Mac versions prior to 148.0.7778.168 **Description** A heap buffer overflow in ANGLE allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A heap buffer overflow occurs when a program writes more data to a buffer allocated on the heap than it can hold, potentially leading to memory corruption. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** An app may be able to disclose kernel memory due to improper memory handling. **Recommendations** Update iOS to version 18.7.9 or 26.5. Update iPadOS to version 18.7.9 or 26.5. Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26.3 iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 visionOS versions prior to 26.3 Safari versions prior to 26.3 **Description** The issue involves improved memory handling. A remote attacker may be able to cause a denial-of-service. **Recommendations** Update macOS to version Tahoe 26.3. Update iOS to version 18.7.5. Update iPadOS to version 18.7.5. Update visionOS to version 26.3. Update Safari to version 26.3.

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7 macOS Sonoma versions prior to 14.8 macOS Tahoe versions prior to 26 iOS versions prior to 18.7 iPadOS versions prior to 18.7 **Description** A denial-of-service issue was addressed with improved validation. An app may be able to cause a denial-of-service. **Recommendations** Update macOS to version 15.7 or later. Update macOS to version 14.8 or later. Update macOS to version 26 or later. Update iOS to version 18.7 or later. Update iPadOS to version 18.7 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7 macOS Sonoma versions prior to 14.8 macOS Tahoe versions prior to 26 iOS versions prior to 18.7 iPadOS versions prior to 18.7 **Description** A denial-of-service issue was addressed with improved validation. An app may be able to cause a denial-of-service. **Recommendations** Update macOS to version 15.7 or later. Update macOS to version 14.8 or later. Update macOS to version 26 or later. Update iOS to version 18.7 or later. Update iPadOS to version 18.7 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 **Description** The issue was addressed with improved bounds checks. Processing a maliciously crafted string may lead to heap corruption. **Recommendations** Update to macOS Sequoia 15.7 or later. Update to macOS Sonoma 14.8 or later. Update to macOS Tahoe 26 or later.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 26 **Description** A path handling issue was addressed with improved validation. Processing an overly large path value may crash a process. **Recommendations** Update to Xcode version 26.

**Name of the Vulnerable Software and Affected Versions** Xcode version 26 **Description** Processing an overly large path value may crash a process. This issue is fixed with improved checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Car Demon plugin for WordPress versions up to, and including, 1.8.1 **Description** The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `search condition` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For Car Demon plugin for WordPress versions up to, and including, 1.8.1, update to a version later than 1.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the `search condition` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Product Table for WooCommerce by CodeAstrology plugin for WordPress versions up to, and including, 3.5.1 **Description** The issue allows unauthenticated attackers to expose sensitive information via the `var dump table` parameter. This makes it possible for attackers to access sensitive data. **Recommendations** For versions up to, and including, 3.5.1, update to a version later than 3.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the `var dump table` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WPFunnels plugin for WordPress versions prior to 3.5.5 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping via the `post id` parameter. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions prior to 3.5.5, upgrade to version 3.5.5 or later to fully patch the issue. As a temporary workaround, consider restricting access to the `post id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 5280 Bootstrap Modal Contact Form plugin for WordPress versions up to, and including, 1.0 **Description** The issue is due to missing or incorrect nonce validation in class-sbmm-list-table.php, making it possible for unauthenticated attackers to bulk delete messages via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.0, consider disabling the `class-sbmm-list-table.php` file or restricting its functionality until a patch is available to prevent bulk deletion of messages. As a temporary workaround, restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AA Cash Calculator plugin for WordPress version 1.0 and earlier **Description** The issue is related to Reflected Cross-Site Scripting via the `invoice` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to and including 1.0, consider disabling the `invoice` parameter until a patch is available to prevent exploitation. Restrict access to the affected plugin to minimize the risk of exploitation. Avoid using the `invoice` parameter in affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BizCalendar Web plugin for WordPress versions up to, and including, 1.1.0.19 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The `tab` parameter is specifically vulnerable to this issue. **Recommendations** For versions up to, and including, 1.1.0.19, avoid using the `tab` parameter in affected pages until a fix is available. As a temporary workaround, consider implementing proper input sanitization and output escaping for the `tab` parameter to prevent arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** Blue Triad EZAnalytics plugin for WordPress versions up to, and including, 1.0 **Description** The issue allows unauthenticated attackers to inject arbitrary web scripts in pages due to insufficient input sanitization and output escaping via the `bt webid` parameter. This can be exploited if an attacker can trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.0, consider disabling the `bt webid` parameter until a patch is available to prevent exploitation. Restrict access to the affected plugin to minimize the risk of arbitrary web script injection. Avoid using the `bt webid` parameter in affected pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress versions up to, and including, 1.7.2 **Description** The issue allows unauthenticated attackers to access landing pages that may not be public, potentially exposing sensitive information. This is made possible by a Sensitive Information Exposure vulnerability in the plugin. **Recommendations** For versions up to, and including, 1.7.2, update to a version later than 1.7.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Affiliates Manager plugin for WordPress versions up to, and including, 2.9.34 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `process bulk action` function in `ListAffiliatesTable.php`. This allows unauthenticated attackers to delete affiliates via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.9.34, update to a version later than 2.9.34 to resolve the issue. As a temporary workaround, consider disabling the `process bulk action` function in `ListAffiliatesTable.php` until a patch is available.