Q

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** An integer overflow in Skia allows a remote attacker who has compromised the renderer process to perform an out-of-bounds memory write by using a crafted HTML page. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of digits. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.138 **Description** A type confusion issue exists in V8, the JavaScript and WebAssembly engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code within a sandbox by enticing a user to open a specially crafted HTML page. **Recommendations** Update to version 147.0.7727.138 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 147.0.7727.138 **Description** A use after free issue in Navigation allows a remote attacker to execute arbitrary code via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed. **Recommendations** Update to version 147.0.7727.138 or later.

**Name of the Vulnerable Software and Affected Versions** Radware AlteonOS Web UI Management version 33.0.4.50 **Description** A security issue exists in the Administrative interface of Radware AlteonOS Web UI Management. An attacker with authentication can inject a crafted payload into the `Description` parameter, potentially leading to the execution of arbitrary web scripts or HTML. This is a cross-site scripting (XSS) issue. **Recommendations** Apply a fix for Radware AlteonOS Web UI Management version 33.0.4.50.

Name of the Vulnerable Software and Affected Versions: AVSCMS version 8.2.0 Description: The issue is related to weak default credentials for the Administrator account. Recommendations: For AVSCMS version 8.2.0, change the default credentials of the Administrator account to strong, unique credentials as soon as possible to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Hongcms versions 4.0.0 **Description** The issue is related to a path traversal vulnerability in the /hcms/admin/index.php/language/ajax component of the Hongcms content management system. This vulnerability can be exploited by a remote attacker to view, edit, and delete arbitrary files using a specially crafted POST request to the "hcms/admin/index.php/language/ajax" endpoint. The `language` and `ajax` parameters are involved in the vulnerability, but specific details about vulnerable parameters or variables are not provided. **Recommendations** For Hongcms version 4.0.0, update to a version that includes a fix for this issue, as the current version allows remote attackers to manipulate files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.