Vcth4Nh

**Name of the Vulnerable Software and Affected Versions** a-blog cms (affected versions not specified) **Description** A server-side request forgery vulnerability exists in a-blog cms, allowing a remote unauthenticated attacker to gain access to sensitive information by sending a specially crafted request. The estimated number of potentially affected devices worldwide is over 5,000. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: a-blog cms versions (affected versions not specified) Description: The issue is related to improper neutralization of logs. A remote unauthenticated attacker may hijack a legitimate user's session if the vulnerability is exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoAnywhere MFT versions prior to 7.4.2 **Description** A path traversal issue exists, allowing attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. **Recommendations** For versions prior to 7.4.2, update to version 7.4.2 or later to resolve the issue.