Tristaninsec

**Name of the Vulnerable Software and Affected Versions** Plane versions prior to 1.3.1 **Description** An ORM Field Reference Injection exists where the `SavedAnalyticEndpoint` passes the user-controlled `segment` query parameter directly to a Django F() expression without validation. An authenticated workspace MEMBER can send a GET request to the endpoint '/api/workspaces/<slug>/saved-analytic-view/<analytic id>/' with a crafted `segment` value. This value is forwarded into the `build graph plot()` function and can traverse foreign-key relationships, such as `workspace owner password`, before being projected via `.values("dimension", "segment")`. This process returns referenced field values directly in the JSON response, exposing sensitive data including bcrypt password hashes, API tokens, and email addresses of related users. **Recommendations** Update to version 1.3.1. As a temporary workaround, restrict access to the '/api/workspaces/<slug>/saved-analytic-view/<analytic id>/' endpoint or avoid using the `segment` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A race condition occurs when the system attempts to perform two or more operations at the same time, but the operations are executed in an unexpected order. This issue allows an app to cause unexpected system termination. **Recommendations** Update iOS to version 18.7.9 or 26.5 Update iPadOS to version 18.7.9 or 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update watchOS to version 26.5

Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.3.0 Description Plane, an open-source project management tool, has an issue where the `IssueBulkUpdateDateEndpoint` allows a project member with ADMIN or MEMBER privileges to modify the `start date` and `target date` of any issue across the entire Plane instance, irrespective of workspace or project membership. The endpoint retrieves issues by ID without proper filtering, leading to cross-boundary data modification. Recommendations Update to version 1.3.0 or later.

Name of the Vulnerable Software and Affected Versions hoppscotch versions prior to 2026.3.0 Description hoppscotch, an open source API development ecosystem, contains a stored Cross-Site Scripting (XSS) issue that could potentially lead to Cross-Site Request Forgery (CSRF). Recommendations Update to version 2026.3.0 or later.