Suphawith Phusanbai

**Name of the Vulnerable Software and Affected Versions** Operately version 0.1.0 **Description** The issue allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types in the Discussions tab. **Recommendations** For Operately version 0.1.0, consider validating file extensions and content types before allowing uploads to prevent malicious file execution. As a temporary workaround, restrict access to the Discussions tab to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sbondCo Watcharr version 1.43.0 **Description** The issue allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. **Recommendations** For sbondCo Watcharr version 1.43.0, consider disabling the Change Password function until a patch is available. Restrict access to the Change Password feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.