Vim vulnerable to potential data loss with zip.vim and special crafted zip files

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.

HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference

HDF5 H5MM.c H5MM_realloc double free

HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow

HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow

HDF5 H5Faccum.c H5F__accum_free heap-based overflow

HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow

HDF5 H5FL.c H5FL__blk_gc_list use after free

HDF5 H5Omessage.c H5O_msg_flush heap-based overflow

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

Microsoft Excel Remote Code Execution Vulnerability