Rahulhoysala

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.1.2132 **Description** Vim, an open source command line text editor, contains a heap buffer overflow in its tag file resolution logic when processing the 'helpfile' option. The issue resides in the `get tagfname()` function within src/tag.c. The `STRCPY()` function is used to copy the user-controlled 'helpfile' option value into a fixed-size heap buffer without sufficient bounds checking, leading to a potential overflow. **Recommendations** Update to Vim version 9.1.2132 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.0 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. An integer underflow exists in the `update read cache bitmap order` function within FreeRDP's Core Library. **Recommendations** Update to version 3.24.0 or later.

Name of the Vulnerable Software and Affected Versions: Saurus CMS Community Edition version 4.7.1 Description: Saurus CMS Community Edition 4.7.1 contains an issue in the custom `DB::prepare()` function. The function utilizes `preg replace()` with the deprecated `/e` (eval) modifier for SQL query parameter interpolation, allowing injection of user-controlled SQL statements. This could potentially lead to arbitrary PHP code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.