Tom23

**Name of the Vulnerable Software and Affected Versions** Typora versions 1.5.5 and earlier **Description** A critical issue was found in the WSH JScript Handler component, leading to code injection. The manipulation requires a local attack approach. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions 1.5.5 and earlier, upgrade to version 1.5.8 to address this issue. As a temporary workaround, consider restricting access to the WSH JScript Handler component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** MarkText versions up to 0.17.1 **Description** A critical vulnerability has been found in MarkText, affecting an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection, requiring local access to approach this attack. The exploit has been disclosed to the public and may be used. **Recommendations** For MarkText versions up to 0.17.1, update to a version later than 0.17.1 to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JP1016 Markdown-Electron (affected versions not specified) **Description** A critical issue was found in the software, affecting some unknown functionality, which leads to code injection when manipulated. The attack requires local access. The exploit has been disclosed publicly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.