Sudosme

**Name of the Vulnerable Software and Affected Versions** brikcss versions prior to 1.3.1 **Description** A Prototype Pollution issue exists where manipulating the argument ` proto /constructor.prototype/prototype` allows for improperly controlled modification of object prototype attributes. This can be executed remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The code repository of the project has not been active for many years.

**Name of the Vulnerable Software and Affected Versions** classroombookings versions prior to 2.17.1 **Description** An issue exists in the User Display Name Handler component within the `read` function of the file 'crbs-core/application/views/layout.php'. Remote attackers can execute cross site scripting by manipulating the `displayname` argument. **Recommendations** Update to version 2.17.1.

**Name of the Vulnerable Software and Affected Versions** arnobt78 Hotel Booking Management System versions prior to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea **Description** An issue exists in the Health Check Endpoint where a manipulation of an unknown function within the '/api/health/detailed' endpoint leads to information disclosure. This flaw allows for remote exploitation. **Recommendations** Update arnobt78 Hotel Booking Management System to a version later than f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. As a temporary workaround, restrict access to the '/api/health/detailed' endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System versions prior to 6b6fae5426044f89c08d0dd101c7fa71f9042a59 Description A flaw exists in ProjectsAndPrograms School Management System that allows for unrestricted file upload. The issue is located in the Profile Picture Handler component, specifically within an unknown function of the `/admin panel/settings.php` file. Manipulation of the `File` argument enables this unrestricted upload. Remote exploitation is possible. The exploit has been published. Recommendations Update to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59 or later.