Rvizx

**Name of the Vulnerable Software and Affected Versions** Linkwarden versions prior to 2.13.0 **Description** Insufficient URL validation in the `fetchTitleAndHeaders()` function allows authenticated users to perform Server-Side Request Forgery (SSRF), a flaw where the server is tricked into making requests to unintended locations. The system only verifies that URLs begin with "http://" or "https://", enabling arbitrary HTTP requests to internal services. **Recommendations** Update to version 2.13.0. As a temporary workaround, restrict access to the `fetchTitleAndHeaders()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Note Mark versions 0.13.0 through 0.19.3 **Description** Authenticated users can upload assets to notes via the "/api/notes/{noteID}/assets" endpoint. The application stores the asset filename provided in the `X-Name` HTTP request header directly in the database without sanitization, failing to filter path separators or directory traversal sequences. When an administrator executes the data export CLI commands `note-mark migrate export-v1` or `note-mark migrate export`, the stored filename is used in `filepath.Join()` and `path.Join()` calls. Because these functions resolve `../` sequences, an attacker can cause the export process to write files to arbitrary locations on the filesystem. Since the export process often runs with root privileges, this can lead to Remote Code Execution by overwriting critical system binaries like `/bin/bash` or modifying systemd unit files and cron jobs. **Recommendations** Update to version 0.19.4. As a temporary workaround, restrict the use of the `X-Name` header to ensure it contains no path separators or directory traversal sequences before uploading assets.

Name of the Vulnerable Software and Affected Versions OrangeHRM versions 5.0 through 5.8 Description OrangeHRM Open Source encrypts sensitive fields using AES in ECB mode. This encryption method preserves plaintext patterns in the ciphertext, potentially allowing disclosure of stored data. Recommendations Update to version 5.8.1 or later.

Name of the Vulnerable Software and Affected Versions imich versions prior to 2.6.0 Description Prior to version 2.6.0, the Immich application discloses credentials when a user authenticates to a shared album. The application transmits the album password within the URL query parameters in a GET request to the `/api/shared-links/me` endpoint. This exposes the password in browser history, proxy logs, server logs, and referrer headers, potentially leading to unauthorized access to shared albums and exposure of user data. Recommendations Update to version 2.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization issue in the SavedSearch filter processing component. This allows an authenticated administrator to execute arbitrary system commands on the server. The `FilterDefinitionProvider.php` file calls the `unserialize()` function on user-controlled data from the `saved search.contents` database column without restricting instantiable classes. **Recommendations** Update to SuiteCRM version 8.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** SuiteCRM versions prior to 7.15.1 SuiteCRM versions prior to 8.9.3 **Description** SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability combined with a Denial of Service (DoS) condition in the RSS Feed Dashlet component. A Server-Side Request Forgery (SSRF) occurs when an application allows an attacker to make requests to unintended locations. This can be used to access internal resources or perform actions on behalf of the server. A Denial of Service (DoS) condition occurs when a system is made unavailable to legitimate users. **Recommendations** Update SuiteCRM to version 7.15.1 or later. Update SuiteCRM to version 8.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** LinkAce versions 2.4.2 and below **Description** LinkAce, a self-hosted archive for website links, is affected by a Stored Cross-site Scripting issue. An authenticated user can inject a payload into a list description via the Atom feed endpoint ('/lists/feed') that escapes the XML CDATA section and injects a native SVG element into the Atom XML document. This allows for the execution of arbitrary JavaScript when the feed URL is visited, without requiring an RSS reader or additional rendering context. The issue arises because list descriptions are output using Blade's raw syntax without sanitization within a CDATA block. Specifically, the sequence ']]>' can be injected to prematurely close the CDATA section, enabling the injection of arbitrary XML/SVG elements that are then parsed and executed by the browser. **Recommendations** Update LinkAce to version 2.4.3 or later.