Viperbluff

**Name of the Vulnerable Software and Affected Versions** Novastar-VNNOX-iCare Novaicare version 7.16.0 **Description** The issue allows attackers to gain privilege escalation, enabling them to view corporate information and SMTP server details, delete users, view roles, and potentially cause other unspecified impacts. **Recommendations** For Novastar-VNNOX-iCare Novaicare version 7.16.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EVlink City versions prior to R8 V3.4.0.2 EVlink Parking versions prior to R8 V3.4.0.2 EVlink Smart Wallbox versions prior to R8 V3.4.0.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to impersonate a user managing the charging station. The exploitation occurs when crafted malicious parameters are submitted in POST requests to the charging station web server. **Recommendations** For EVlink City versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later. For EVlink Parking versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later. For EVlink Smart Wallbox versions prior to R8 V3.4.0.2, update to version R8 V3.4.0.2 or later.