24 matches found
Advisory ROSA-SA-2026-3249
software: vim 9.1.2148; WASP: ROSA-CHROME; unaffected versions = vim-9.1.2148-1; affected versions vim-9.1.2148-1; CVE-ID: CVE-2026-25749; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: Heap overflow in Vim before version 9.1.2132 when processing the 'helpfile' option. In gettagfname src/tag.c, the value of...
PT-2026-4959
Name of the Vulnerable Software and Affected Versions: ixray-team ixray-1.6-stcop versions prior to 1.3 Description: A flaw exists that can lead to the exposure of sensitive information to an unauthorized actor. Recommendations: Update ixray-team ixray-1.6-stcop to version 1.3 or later...
Astra Linux – Vulnerability in Firefox
A memory safety bug exists in Firefox 143 and Thunderbird 143. This bug exhibited signs of memory corruption, and we assume that with sufficient effort, this could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 144 and Thunderbird 144...
GO-2025-4187 Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to Path Traversal when files are stored locally in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positi...
AZL-71566 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.55.0-27
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...
EUVD-2025-38076
Unrestricted Upload of File with Dangerous Type vulnerability in Case-Themes Case Addons case-addons. This issue affects Case Addons: from n/a through 1.3.0...
PT-2025-41617
Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9; Drupal Facets versions 3.0.0 through 3.0.0 Description: A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls...
CVE-2025-0879
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shopside Software Shopside App allows Cross-Site Scripting (XSS). This issue requires high privileges. This issue affects Shopside App: before 17.02.2025...
PT-2025-34754 · Teamviewer · Teamviewer
Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.69 Description: A race condition exists in the directory validation logic within the TeamViewer Full Client and Host on Windows. This allows a local, non-administrator user to create arbitrary files with SYSTEM...
CVE-2025-54812
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or JavaScript in order t...
CVE-2025-8875 Insecure Deserialization Vulnerability
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1...
PT-2025-32482 · Unknown · Xujeff Tianti 天梯
Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A problematic issue exists in xujeff tianti 天梯. The exportOrder function within the /tianti-module-admin/user/ajax/save file of the com.jeff.tianti.controller component is susceptible to CSV...
CVE-2025-54950
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005...
CVE-2025-5272
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 139 and Thunderbird 139...
PT-2025-5585 · Acronis · Acronis Cyber Protect Cloud Agent
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent Windows versions prior to build 39378 Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. This vulnerability affects Acronis Cyber Protect Cloud Agent...
PT-2024-13813 · Unknown · Code Embed
Name of the Vulnerable Software and Affected Versions: Code Embed versions prior to 2.3.7 Description: The issue is related to Uncontrolled Resource Consumption. This affects the Code Embed software. Recommendations: For versions prior to 2.3.7, update to version 2.3.7 or later to resolve the iss...
CVE-2023-3374
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...
CVE-2023-25313
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...
SUSE CVE-2021-29966
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 89...
PT-2022-14822 · Jenkins · Jenkins Mailer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mailer Plugin versions 391.ve4a 38c1b cf4b and earlier; Jenkins Mailer Plugin prior to 408.vd726a 1130320 and 1.34.2 Description: A cross-site request forgery (CSRF) vulnerability in the Jenkins Mailer Plugin allows attackers to use the...