Nicocha30

**Name of the Vulnerable Software and Affected Versions** Unraid (affected versions not specified) **Description** A path traversal flaw exists in the Unraid update request handling mechanism. This issue could allow for remote code execution. The vulnerability is related to the handling of update requests, potentially allowing an attacker to traverse file paths and execute arbitrary code on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unraid (affected versions not specified) **Description** A path traversal authentication bypass issue exists in Unraid’s authentication request process. This allows remote attackers to bypass authentication on affected systems without needing to authenticate. The flaw is located in the `auth-request.php` file and is due to insufficient validation of a user-supplied path before it is used during authentication. An attacker can exploit this to bypass authentication on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IceWarp Servers (affected versions not specified) **Description** IceWarp Servers are experiencing a directory traversal issue that allows unauthorized disclosure of sensitive information. This issue is being actively exploited and does not require authentication. The exploitation is potentially linked to the FANCY BEAR threat actor. The vulnerability allows remote attackers to access sensitive data through a directory traversal mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetAlertX version 25.4.13 and earlier **Description** NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within `util.php` by sending crafted requests to "/index.php". **Recommendations** For versions prior to 25.4.14, update to version 25.4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/index.php" endpoint to minimize the risk of exploitation. Additionally, avoid using sensitive functions within `util.php` until the issue is resolved.