Wachizungu

**Name of the Vulnerable Software and Affected Versions** OpenCTI versions prior to 6.9.7 **Description** An organization administrator can escalate their privileges by adding a user from a different organization who possesses higher privileges into their own organization. This occurs due to an incorrect Access Control List (ACL), which is a set of rules that defines permissions for users or systems, on the `userEdit` relationAdd function. **Recommendations** Update to version 6.9.7.

**Name of the Vulnerable Software and Affected Versions** RansomLook versions prior to 1.9.0 **Description** RansomLook is a tool used to monitor ransomware groups and markets to extract victim data. The API improperly filters private location entries within 'website/web/api/genericapi.py'. Due to the code removing elements from a list during iteration, entries marked as private may be unintentionally included in API responses, leading to the unauthorized disclosure of non-public location information. **Recommendations** Update to version 1.9.0.