Zznq

**Name of the Vulnerable Software and Affected Versions** Milvus versions prior to 2.5.27 Milvus versions prior to 2.6.10 **Description** Milvus, an open-source vector database for generative AI applications, is affected by an issue that allows authentication bypasses. The software exposes TCP port 9091 by default, and the `/expr` debug endpoint uses a weak, predictable default authentication token derived from `etcd.rootPath` (default: by-dev), enabling arbitrary expression evaluation. The full REST API (`/api/v1/*`) is registered on the metrics/management port without authentication, allowing unauthenticated access to all business operations, including data manipulation and credential management. **Recommendations** Milvus versions prior to 2.5.27 should be upgraded to version 2.5.27 or later. Milvus versions prior to 2.6.10 should be upgraded to version 2.6.10 or later.

**Name of the Vulnerable Software and Affected Versions** tiny-rdm versions through 1.2.5 **Description** A security issue exists in tiny-rdm related to deserialization. The `pickle.loads` function within the `pickle convert.go` file is affected. This can be triggered remotely and requires a high level of complexity to exploit, though exploitation appears difficult. The details of the issue have been publicly disclosed. The project maintainers were notified but have not yet responded. **Recommendations** versions prior to 1.2.6

**Name of the Vulnerable Software and Affected Versions** giantspatula SewKinect versions prior to 7fd963ceb3385af3706af02b8a128a13399dffb1 **Description** A flaw exists in giantspatula SewKinect that allows for remote manipulation. The issue stems from the `pickle.loads` function within the `/calculate` file of the Endpoint component. Exploitation involves manipulating the `body parts/point cloud` argument, leading to deserialization. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GuanxingLu vlarl versions prior to 31abc0baf53ef8f5db666a1c882e1ea64def2997 **Description** A flaw exists in the `experiments.robot.bridge.reasoning server::run reasoning server` function within the `experiments/robot/bridge/reasoning server.py` file of the ZeroMQ component. Manipulation of the `Message` argument leads to deserialization, potentially allowing for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MigoXLab LMeterX version 1.2.0 **Description** A vulnerability exists in MigoXLab LMeterX 1.2.0 related to path traversal. The `process cert files` function within the `backend/service/upload service.py` file is affected. Manipulation of the `task id` argument can lead to a path traversal attack, which can be launched remotely. The exploit has been publicly disclosed. **Recommendations** Apply the patch with identifier f1b00597e293d09452aabd4fa57f3185207350e8 to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Ackites KillWxapkg versions up to 2.4.1 **Description** A critical issue affects the `processFile` function of the wxapkg File Parser component, located in the file internal/unpack/unpack.go. This issue leads to os command injection and can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For Ackites KillWxapkg versions up to 2.4.1, as a temporary workaround, consider disabling the `processFile` function until a patch is available. Restrict access to the wxapkg File Parser component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ackites KillWxapkg versions up to 2.4.1 **Description** A vulnerability was found in the wxapkg File Decompression Handler component, affecting some unknown processing. This issue leads to resource consumption and can be initiated remotely. The complexity of an attack is rather high, and the exploitation is known to be difficult. **Recommendations** For Ackites KillWxapkg versions up to 2.4.1, consider updating to a version later than 2.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the wxapkg File Decompression Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenBMB XAgent version 1.0.0 **Description** A critical issue was found in the component Privileged Mode, leading to a sandbox issue. The manipulation requires a local approach. **Recommendations** For OpenBMB XAgent version 1.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.