Vegam 4i · CVE-2024-51163
Name of the Vulnerable Software and Affected Versions:
Vegam 4i versions 6.3.47.0 and earlier
Description:
A Local File Inclusion issue allows a remote attacker to obtain sensitive information through the print label function. The `filePathList` parameter is susceptible to this issue, enabling a malicious user to include files from the web server, such as `web.config` or `/etc/hosts`, leading to the disclosure of sensitive information.
Recommendations:
For versions 6.3.47.0 and earlier, consider disabling the print label function until a patch is available. Restrict access to sensitive files on the web server to minimize the risk of exploitation. Avoid using the `filePathList` parameter in the affected print labelling function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
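While the print label function remains exposed, web server access logs can be reviewed for requests whose `filePathList` value points at the files named above. The following is an added example, not code from the vendor or the advisory: the route `/app/print-label`, the comma separator inside `filePathList`, and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines. /app/print-label is a placeholder route and the
# comma separator inside filePathList is an assumption, not taken from the product.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2024:10:01:22 +0000] "GET /app/print-label?filePathList=labels/batch-17.pdf HTTP/1.1" 200 5120
203.0.113.9 - - [12/Nov/2024:10:02:03 +0000] "GET /app/print-label?filePathList=web.config HTTP/1.1" 200 2311
203.0.113.9 - - [12/Nov/2024:10:02:09 +0000] "GET /app/print-label?filePathList=%2Fetc%2Fhosts HTTP/1.1" 200 174
198.51.100.4 - - [12/Nov/2024:10:05:40 +0000] "GET /app/print-label?filePathList=labels/a.pdf,Web.Config HTTP/1.1" 200 2311
198.51.100.4 - - [12/Nov/2024:10:06:00 +0000] "GET /app/status HTTP/1.1" 200 12
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
SENSITIVE_NAMES = ("web.config", "/etc/hosts")  # files the advisory names


def suspicious_reason(entry):
    """Return why one filePathList entry looks like file inclusion, or None."""
    path = entry.strip().replace("\\", "/").lower()
    if any(path == n or path.endswith("/" + n.lstrip("/")) for n in SENSITIVE_NAMES):
        return "sensitive file"
    if path.startswith("/") or re.match(r"^[a-z]:/", path):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory segment"
    return None


def scan(log_text):
    """Return (client_ip, status, entry, reason) for each suspicious entry."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # parse_qsl percent-decodes once; the parameter name is matched case-insensitively.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name.lower() != "filepathlist":
                continue
            for entry in value.split(","):
                reason = suspicious_reason(entry)
                if reason:
                    findings.append((ip, int(status), entry, reason))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

This only sees values sent in the query string; if the parameter is sent in a request body, the same check has to run on request-body logs or at a reverse proxy.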