Vityuasd

**Name of the Vulnerable Software and Affected Versions** linshenkx prompt-optimizer versions 1.3.0 through 1.4.2 **Description** A Server-Side Request Forgery (SSRF) exists in the `/api/proxy/` component. This allows attackers to scan internal resources by sending a specially crafted request. The `api/proxy` endpoint is vulnerable. **Recommendations** Update to a version later than 1.4.2.

Name of the Vulnerable Software and Affected Versions: Akaunting version 3.1.18 Description: An issue in the `/settings/localisation` component allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Akaunting version 3.1.18 Description: A cross-site scripting (XSS) issue exists in the `/common/reports` component of the software. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the `name` parameter. Recommendations: As a mitigation, sanitize or encode user-supplied data for the `name` parameter in the `/common/reports` component.

Name of the Vulnerable Software and Affected Versions: Agent-Zero versions 0.8.0 through 0.8.9 Description: An issue exists in the `/api/download work dir file.py` component that allows attackers to execute a directory traversal. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Agent-Zero versions 0.8.0 through 0.8.9 Description: Insecure permissions in Agent-Zero allow attackers to arbitrarily reset the system via unspecified vectors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.