Yakir Wizman

**Name of the Vulnerable Software and Affected Versions** iCloud versions prior to 6.1 **Description** The issue involves the Windows Security component and allows local users to obtain sensitive information from the iCloud desktop-client process memory. **Recommendations** For versions prior to 6.1, update to version 6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LimeSurvey version 1.49RC2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `homedir` parameter to various PHP files, including (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/, or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. **Recommendations** For LimeSurvey version 1.49RC2, consider disabling remote file inclusion functionality until a patch is available. Restrict access to the `homedir` parameter in the affected PHP files to minimize the risk of exploitation. Avoid using the `homedir` parameter in the affected API endpoints until the issue is resolved.