Oiiwroo

#21527 of 53,638
11.2 Total CVSS
Vulnerabilities · 2
Low: 1
High: 1
PT-2025-4589
3.1
2025-02-04
Discourse · Discourse · CVE-2025-22601
**Name of the Vulnerable Software and Affected Versions**

Discourse versions prior to the latest version

**Description**

Discourse is an open source platform for community discussion. In affected versions, an attacker can trick a target user into making changes to their own username via a carefully crafted link using the `activate-account` route.

**Recommendations**

For versions prior to the latest version, update to the latest version of Discourse to resolve the issue. As a temporary workaround, consider restricting access to the `activate-account` route until the update is applied.
PT-2024-21653
8.1
2024-03-20
Frappe · Frappe · CVE-2024-27105
**Name of the Vulnerable Software and Affected Versions**

Frappe versions prior to 14.66.3 and Frappe versions prior to 15.16.0

**Description**

Frappe is a full-stack web application framework. The issue allows file permissions to be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file.

**Recommendations**

For versions prior to 14.66.3, update to version 14.66.3 or later to resolve the issue. For versions prior to 15.16.0, update to version 15.16.0 or later to resolve the issue.