Pyroxenites

**Name of the Vulnerable Software and Affected Versions** Termix versions 1.7.0 through 1.9.0 **Description** Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component due to insufficient sanitization of SVG file content before rendering. An attacker who has gained access to a managed SSH server can place a malicious file that, when previewed by a Termix user, will execute arbitrary JavaScript within the application's context. The vulnerable component is located in `src/ui/desktop/apps/file-manager/components/FileViewer.tsx`. **Recommendations** Update to version 1.10.0 or later.

**Name of the Vulnerable Software and Affected Versions** StreamVault versions prior to 251126 **Description** StreamVault is a video download integration solution. A Remote Code Execution (RCE) issue exists in the stream-vault application (SpiritApplication). The application does not properly validate administrator-configured yt-dlp arguments through the `/admin/api/saveConfig` API endpoint. These arguments are stored and later used in `YtDlpUtil.java` when constructing the command line for executing yt-dlp. This allows for potential command execution. The vulnerable parameter is `ytdlpargs`. **Recommendations** Versions prior to 251126 should be updated to version 251126 or later.