Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes.

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk

In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit

Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse.This issue affects Excavation Manageme…

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.

A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.