Vitaly Simonovich

**Name of the Vulnerable Software and Affected Versions** TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 **Description** The cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialize PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend, such as the file system or the `sys registry` database table, can inject a crafted serialized payload to trigger PHP Object Injection. This may allow the exploitation of a gadget chain to achieve Remote Code Execution. **Recommendations** Update to version 10.4.57 or later. Update to version 11.5.52 or later. Update to version 12.4.47 or later. Update to version 13.4.32 or later. Update to version 14.3.4 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 **Description** Processing maliciously crafted web content may disclose sensitive user information. **Recommendations** Update iOS to version 18.7.9 or 26.5. Update iPadOS to version 18.7.9 or 26.5. Update macOS Tahoe to version 26.5. Update visionOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash. The issue is caused by insufficient input validation. **Recommendations** Update to iOS 18.7.9 Update to iPadOS 18.7.9 Update to iOS 26.5 Update to iPadOS 26.5 Update to macOS Tahoe 26.5 Update to tvOS 26.5 Update to visionOS 26.5 Update to watchOS 26.5

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update to iOS 18.7.9 Update to iPadOS 18.7.9 Update to iOS 26.5 Update to iPadOS 26.5 Update to macOS Tahoe 26.5 Update to tvOS 26.5 Update to visionOS 26.5 Update to watchOS 26.5

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BIND (affected versions not specified) **Description** An attacker can send a notify request that causes a new secondary domain to be added to the bind backend. This process leads the backend to update its configuration to an invalid state, resulting in a denial of service where the backend is unable to run upon the next restart and requires manual intervention to resolve. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Log4j Core versions 2.12.0 through 2.25.3 **Description** A flaw exists where hostname verification is ignored when configured through the `verifyHostName` attribute of the '<Ssl>' element. This occurs even if the attribute is explicitly set, leaving TLS connections susceptible to interception. A network-based attacker could perform a man-in-the-middle attack if an SMTP, Socket, or Syslog appender is used, TLS is configured via a nested '<Ssl>' element, and the attacker possesses a certificate issued by a CA trusted by the configured or default Java trust store. **Recommendations** Upgrade to Apache Log4j Core 2.25.4.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions 2.554 and earlier Jenkins LTS versions 2.541.2 and earlier **Description** The software does not safely handle symbolic links when extracting .tar and .tar.gz archives. This allows crafted archives to write files to arbitrary locations on the filesystem, limited by the file system access permissions of the user running Jenkins. An attacker with Item/Configure permission, or control over agent processes, can exploit this to deploy malicious scripts or plugins on the controller. **Recommendations** Update Jenkins to a version later than 2.554. Update Jenkins LTS to a version later than 2.541.2.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw exists in Blink, a component of Google Chrome, that could allow a remote attacker to read memory outside of allocated boundaries. This issue occurs when processing a specially crafted HTML page. The security severity is considered low. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** MongoDB versions 3.4 and later **Description** A flaw in MongoDB’s OP COMPRESSED handling allows unauthenticated attackers to crash servers with minimal traffic. The issue arises because MongoDB allocates approximately 48MB of memory per connection before validating decompression parameters. Attackers can send crafted packets, around 47KB in size, with manipulated uncompressedSize values, triggering rapid memory exhaustion. Concurrent connections can lead to out-of-memory kills and service disruption. This vulnerability affects deployments with compression enabled, which is the default setting since version 3.6, including MongoDB Atlas. Approximately 207,000 instances are potentially exposed. The attack involves sending a zlib-compressed packet claiming a larger uncompressed size to cause excessive memory allocation. **Recommendations** MongoDB versions 3.4 and later should be patched to address this vulnerability. Limit exposure of MongoDB instances to the internet.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 10.0.0 through 10.4.54 TYPO3 versions 11.0.0 through 11.5.48 TYPO3 versions 12.0.0 through 12.4.40 TYPO3 versions 13.0.0 through 13.4.22 TYPO3 versions 14.0.0 through 14.0.1 **Description** A flaw exists in TYPO3 that allows local users with write access to the spool directory to execute arbitrary PHP code on the web server. This is possible by crafting a malicious file that is deserialized during the `mailer:spool:send` command. **Recommendations** Update TYPO3 versions to a version later than 10.4.54. Update TYPO3 versions to a version later than 11.5.48. Update TYPO3 versions to a version later than 12.4.40. Update TYPO3 versions to a version later than 13.4.22. Update TYPO3 versions to a version later than 14.0.1.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions 2.0 through 2.42 **Description** Using the `wordexp` function with `WRDE REUSE` and `WRDE APPEND` together in the GNU C Library can lead to the function returning uninitialized memory in the `we wordv` member. Subsequent calls to `wordfree` may then cause the process to terminate. **Recommendations** Avoid using `WRDE REUSE` in conjunction with `WRDE APPEND` when calling the `wordexp` function.