1835 matches found

Rosalinux
added 2025/08/06 8:30 a.m. | 3 views

Advisory ROSA-SA-2025-2926

software: yelp 42.2; WASP: ROSA-CHROME; unaffected versions = yelp-42.2-2; affected versions yelp-42.2-2; CVE-ID: CVE-2025-3155; BDU-ID: 2025-03944; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope when processing...

CVSS 7.4 | AI score 7.7 | EPSS 0.10259
Exploits: 1
NVD
added 2025/07/30 8:15 p.m. | 4 views

CVE-2025-54583

GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted...

CVSS 8.3 | EPSS 0.00417
Exploits: 1 | References: 4
Zero Day Initiative
added 2025/07/29 12:0 a.m. | 5 views

AVG TuneUp for PC TuneupSvc Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of AVG TuneUp for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG TuneUp...

CVSS 7.8 | AI score 6.7 | EPSS 0.00137
Exploits: 0
Github Security Blog
added 2025/07/27 9:30 a.m. | 7 views

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python code...

CVSS 10 | AI score 7.9 | EPSS 0.17653
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2025/07/21 8:15 p.m. | 5 views

CVE-2025-7254

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

CVSS 7.8 | EPSS 0.0022
Exploits: 0 | References: 1
NVD
added 2025/07/20 1:15 a.m. | 14 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this...

CVSS 9.8 | EPSS 0.99982
Exploits: 41 | References: 13
Tenable Nessus
added 2025/07/20 12:0 a.m. | 13 views

Security Updates for Microsoft SharePoint Server 2019

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to...

CVSS 9.8 | AI score 8.3 | EPSS 0.99982
Exploits: 41 | References: 5
CISA KEV Catalog
added 2025/07/20 12:0 a.m. | 49 views

Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the update...

CVSS 9.8 | AI score 8.7 | EPSS 0.99982
In wild | Exploits: 41
RedhatCVE
added 2025/07/10 5:18 p.m. | 3 views

CVE-2025-49670

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 6.5 | AI score 8.2 | EPSS 0.00852
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/10 5:18 p.m. | 4 views

CVE-2025-49753

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 8.2 | EPSS 0.00748
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/10 5:18 p.m. | 6 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 7.7 | EPSS 0.00398
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/10 5:18 p.m. | 3 views

CVE-2025-49657

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network...

CVSS 8.8 | AI score 8.2 | EPSS 0.00921
Exploits: 0 | References: 1
NVD
added 2025/07/08 5:16 p.m. | 7 views

CVE-2025-49735

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network...

CVSS 8.1 | EPSS 0.01061
Exploits: 0 | References: 1
NVD
added 2025/07/08 5:15 p.m. | 8 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVSS 7.8 | EPSS 0.00398
Exploits: 0 | References: 1
OSV
added 2025/07/08 5:15 p.m. | 8 views

CVE-2025-49714

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally...

CVSS 7.8 | AI score 6.6 | EPSS 0.00398
Exploits: 0 | References: 1
NVD
added 2025/07/08 5:15 p.m. | 4 views

CVE-2025-49691

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network...

CVSS 8 | EPSS 0.00451
Exploits: 0 | References: 1
CVE
added 2025/07/08 4:58 p.m. | 42 views

CVE-2025-49729

Technical details about CVE-2025-49729 are not provided in the connected documents. The initial description notes a heap-based buffer overflow in RRAS that could enable remote code execution, but no affected product/version specifics or mitigations are included.

CVSS 8.8 | AI score 7.5 | EPSS 0.00574
Exploits: 0 | References: 1 | Affected Software: 7
CVE
added 2025/07/08 4:58 p.m. | 64 views

CVE-2025-49714

CVE-2025-49714 involves the Visual Studio Code Python Extension. The connected sources describe a trust boundary violation that can let an unauthorized attacker execute code locally, effectively a remote code execution scenario through the Python extension. The vulnerability is tied to Visual Stu...

CVSS 7.8 | AI score 7 | EPSS 0.00398
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/07/08 4:58 p.m. | 53 views

CVE-2025-49700

CVE-2025-49700 is a Microsoft Word remote code execution vulnerability caused by a use-after-free in Word. Affected product: Microsoft Word (Office). Impact: local code execution with high impact as per Microsoft’s CVSS (AV:L, AC:L, PR:N, UI:R, C:H/I:H/A:H). Remediation: Microsoft has released s...

CVSS 7.8 | AI score 7.3 | EPSS 0.00381
Exploits: 0 | References: 1 | Affected Software: 4
CVE
added 2025/07/08 4:58 p.m. | 60 views

CVE-2025-49697

CVE-2025-49697 is a Microsoft Office remote code execution vulnerability. The issue is described as a heap-based buffer overflow in Office that allows an attacker with local access to run arbitrary code on a vulnerable system, with no user interaction required (local access, no UI). Publicly avai...

CVSS 8.4 | AI score 7.3 | EPSS 0.00461
Exploits: 0 | References: 1 | Affected Software: 5