Geekai · Geekai · CVE-2026-2558
**Name of the Vulnerable Software and Affected Versions**
GeekAI versions up to 4.2.4
**Description**
GeekAI contains a server-side request forgery (SSRF) flaw in the `Download` function of the `api/handler/net handler.go` file. Manipulating the `url` argument passed to this function triggers the issue. The flaw can be exploited remotely, and an exploit has been published. The project was notified of the issue but has not yet responded.
**Recommendations**
Versions prior to 4.2.4 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
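With no fixed release known, one interim mitigation for a download-by-URL handler of the kind described is to fetch user-supplied URLs through an HTTP client that refuses non-public destinations at connect time. The sketch below is an added example, not GeekAI code; every function and variable name in it is hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"net/url"
	"syscall"
	"time"
)

var errBlocked = errors.New("ssrf guard: destination not allowed") // all names here are hypothetical, not GeekAI code

// allowedAddr reports whether ip is a public unicast address.
func allowedAddr(ip netip.Addr) bool {
	ip = ip.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return ip.IsGlobalUnicast() && !ip.IsPrivate()
}

// dialControl runs after DNS resolution, just before connect(), so redirects and rebinding are covered.
func dialControl(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil || !allowedAddr(ap.Addr()) {
		return errBlocked
	}
	return nil
}

// checkURL is a cheap pre-flight check: http(s) only, a host must be present, no userinfo.
func checkURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Hostname() == "" || u.User != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return nil, errBlocked
	}
	return u, nil
}

// newGuardedClient leaves Proxy unset so the dialed address is always the real target.
func newGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: dialControl}
	t := &http.Transport{DialContext: d.DialContext}
	return &http.Client{Timeout: 15 * time.Second, Transport: t}
}

func main() { // constructed sample input: a link-local address, refused before connect()
	_, err := newGuardedClient().Get("http://169.254.169.254/")
	fmt.Println(err)
}
```

`IsPrivate` covers only RFC 1918 and IPv6 unique-local space, so ranges such as 100.64.0.0/10 need an explicit deny entry if they are routable in your environment.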