
Y0N3Er

#21651 of 53,635
11 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-6184
4.9
2026-02-03
Apache · Apache Syncope · CVE-2026-23795
**Name of the Vulnerable Software and Affected Versions**

- Apache Syncope versions 3.0 through 3.0.15
- Apache Syncope versions 4.0 through 4.0.3

**Description**

An issue exists in Apache Syncope Console where an administrator with sufficient privileges to create or edit Keymaster parameters can construct malicious XML text to launch an XML External Entity (XXE) attack. This can lead to sensitive data leakage.

**Recommendations**

- Upgrade to Apache Syncope version 3.0.16
- Upgrade to Apache Syncope version 4.0.4
PT-2024-28292
6.1
2024-07-01
Phpok · Phpok · CVE-2024-38953
**Name of the Vulnerable Software and Affected Versions**

- phpok version 6.4.003

**Description**

The issue is related to a Cross Site Scripting (XSS) vulnerability. It affects the `ok_f()` method located in the `framework/api/upload_control.php` file.

**Recommendations**

For phpok version 6.4.003, consider disabling the `ok_f()` method until a patch is available to prevent potential exploitation.