Patrick

Researcher from Deloitte
#22103 of 53,612
10.4 Total CVSS
Vulnerabilities · 2 (Medium: 2)

PT-2019-10423 · CVSS 5.4 · 2019-08-22
WordPress · Advanced Custom Fields Pro · CVE-2018-20986

**Name of the Vulnerable Software and Affected Versions**
advanced-custom-fields plugin versions prior to 5.7.8

**Description**
The issue allows authors to perform cross-site scripting (XSS) attacks.

**Recommendations**
For versions prior to 5.7.8, update to version 5.7.8 or later to resolve the issue.

PT-2004-2581 · CVSS 5.0 · 2004-09-11
Rhinosoft · Serv-U Ftp Server · CVE-2004-1675

**Name of the Vulnerable Software and Affected Versions**
Serv-U FTP server versions 4.x through 5.x

**Description**
The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by sending a STORE UNIQUE (STOU) command with specific MS-DOS device name arguments, such as `COM1`, `LPT1`, `PRN`, or `AUX`.

**Recommendations**
For Serv-U FTP server versions 4.x through 5.x, consider disabling the STORE UNIQUE (STOU) command as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation.