Soheil Samanabadi

**Name of the Vulnerable Software and Affected Versions** Axigen version 10.3.3.52 **Description** A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any verification code. This can occur when adding an account to services like Outlook or Gmail. **Recommendations** For Axigen version 10.3.3.52, consider disabling the IMAP and POP3 services until a patch is available to prevent bypassing 2-Step Verification. Restrict access to adding accounts to third-party webmail services to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Telegram Desktop versions 2.4.3 and earlier **Description** The issue allows an attacker to access all chat conversations and media files without requiring a passcode when the Export key is pushed within the Export Telegram Data wizard. This can happen if the victim has opened the Export Wizard and is then distracted, leaving the desktop unattended. The attacker can then push the Export key to gain access to sensitive data. **Recommendations** For Telegram Desktop versions 2.4.3 and earlier, as a temporary workaround, consider disabling the Export Telegram Data wizard until a patch is available. Restrict access to the Export key within the wizard to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.