Nikolas-Ch

Name of the Vulnerable Software and Affected Versions: Avigilon ACM version 7.10.0.20 Description: A CSV injection vulnerability exists in the `/id profiles` API endpoint of the software. This allows attackers to execute arbitrary code by supplying a crafted Excel file. Recommendations: As a temporary workaround, consider restricting access to the `/id profiles` API endpoint until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Avigilon ACM version 7.10.0.20 **Description** A Host Header Injection issue exists in Avigilon ACM version 7.10.0.20. This allows attackers to potentially execute arbitrary code by providing a specially crafted URL. The vulnerability is triggered by manipulating the Host header in HTTP requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: N8N versions 1.95.3, 1.100.1, and 1.101.1 Description: An arbitrary file upload vulnerability exists in the Chat Trigger component of N8N. This allows attackers to execute arbitrary code by uploading a crafted HTML file. Recommendations: Update N8N to a version newer than 1.95.3. Update N8N to a version newer than 1.100.1. Update N8N to a version newer than 1.101.1.

Name of the Vulnerable Software and Affected Versions: Adform Site Tracking version 1.1 Description: Adform Site Tracking version 1.1 is susceptible to HTML injection and arbitrary code execution through cookie hijacking. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sentry versions 25.1.0 through 25.5.1 Description: The issue allows an authenticated attacker to access a project's issue endpoint and perform unauthorized actions, such as adding a comment, without being a member of the project's team. This can be done if the attacker knows a seven-digit issue ID, which is not treated as a secret and might be mentioned publicly or predicted. Recommendations: For Sentry versions 25.1.0 through 25.5.1, consider restricting access to the issue endpoint until a patch is available. As a temporary workaround, avoid using the issue endpoint for sensitive projects until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LearnDash version 6.7.1 **Description** A stored Cross-Site Scripting (XSS) issue was found in the ld-comment-body class. This allows for malicious scripts to be stored and executed on the site, potentially affecting user sessions. **Recommendations** For LearnDash version 6.7.1, update to a newer version that contains a fix for this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LearnDash version 6.7.1 **Description** A stored Cross-Site Scripting (XSS) issue was discovered in the materials-content class. This issue allows for malicious scripts to be stored and executed on the site, potentially affecting user sessions. **Recommendations** For LearnDash version 6.7.1, update to a newer version that contains a fix for this issue, as using outdated versions may expose users to stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.