Multiple Security Vulnerabilities Disclosed Across Major Software Platforms
Several major software vendors, including Mozilla, Node.js, SonicWall, Cisco, Google, Apple, Ubuntu, Red Hat, VMware, and TeamViewer, have disclosed security vulnerabilities affecting a wide range of products. These advisories highlight issues such as OS command injection in the Node.js systeminformation library, privilege escalation in SonicWall SMA1000, improper input validation in Cisco Secure Email Gateway, and multiple vulnerabilities in browsers like Firefox and Chrome. Additionally, Apple products, Epson printers, and TeamViewer DEX Client have been identified as having critical security flaws, with some advisories noting the potential for remote code execution or privilege escalation if left unpatched.
Security agencies and vendors are urging users and administrators to review the relevant advisories and apply patches or mitigations as soon as possible. The vulnerabilities span operating systems (Linux kernel in Ubuntu and Red Hat), cloud and virtualization platforms (VMware Tanzu), and widely used remote access tools (TeamViewer). The breadth of affected products underscores the importance of timely updates and vigilance in monitoring official security channels for new disclosures and remediation guidance.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
JPCERT/CC weekly report summarizes multiple newly disclosed vulnerabilities
On 2025-12-24, JPCERT/CC published a weekly report highlighting multiple significant vulnerabilities and vendor responses across products including Firefox, Chrome, Node.js systeminformation, SonicWall SMA1000, Cisco Secure Email Gateway and Web Manager, Seiko Epson printers, and Apple products. The report noted confirmed exploitation in some cases and that vendors had released or were planning updates and mitigations.
VMware releases Tanzu product security advisories
Between 2025-12-15 and 2025-12-21, VMware published security advisories covering vulnerabilities in several Tanzu products, including .NET Core Tanzu Buildpack, Cloud Native Buildpacks, Elastic Application Runtime, and Extended App Support. Users were advised to review the advisories and install recommended updates.
Red Hat publishes Linux kernel security advisories
Between 2025-12-15 and 2025-12-21, Red Hat released advisories for Linux kernel vulnerabilities affecting multiple products, including Red Hat Enterprise Linux variants, CodeReady Linux Builder, and Real Time offerings. Administrators were urged to apply the necessary updates.
Ubuntu issues Linux kernel security notices
Between 2025-12-15 and 2025-12-21, Ubuntu released security notices addressing Linux kernel vulnerabilities affecting versions from Ubuntu 14.04 LTS through 25.10. Users and administrators were advised to review the notices and apply the recommended updates.
TeamViewer releases DEX Client hotfixes for NomadBranch.exe flaws
On 2025-12-11, TeamViewer published security advisories for multiple vulnerabilities in the DEX Client's NomadBranch.exe component, including improper input validation, command injection, and privilege escalation. TeamViewer released hotfixes and updated versions and advised customers to apply the fixes.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Weekly Report 2025-12-24号
jpcert.or.jp
Open sourceUbuntu security advisory (AV25-859)
cyber.gc.ca
Open sourceRed Hat security advisory (AV25-858)
cyber.gc.ca
Open sourceVMware security advisory (AV25-860)
cyber.gc.ca
Open sourceTeamViewer security advisory (AV25-861)
cyber.gc.ca
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Multiple High-Impact Vulnerabilities Disclosed Across Diverse Software Platforms
A series of critical and high-severity vulnerabilities have been disclosed affecting a wide range of software products, including workflow automation tools, web applications, network devices, and desktop software. Notable issues include remote code execution (RCE) flaws in *n8n*, *Lilac-Reloaded for Nagios*, *FileZilla Client*, and *AVideo*, as well as privilege escalation vulnerabilities in products like *Versa SASE Client*, *AspEmail*, and *ActFax*. Several vulnerabilities allow unauthenticated attackers to upload arbitrary files, bypass authentication, or exploit weak session management, potentially leading to full system compromise or unauthorized access to sensitive data. Many of these vulnerabilities have public exploits available, increasing the risk of active exploitation in the wild. Vendors have released patches for several of the affected products, and administrators are strongly advised to update to the latest versions or apply recommended mitigations. The vulnerabilities span a variety of attack vectors, including buffer overflows, improper input validation, insecure file upload mechanisms, and misconfigured authentication endpoints. Organizations should prioritize patching systems exposed to the internet and review access controls to limit the impact of potential exploitation. Immediate attention is warranted for products with critical CVSS scores and those with known public exploits.
Mar 21, 2026
Multiple Critical Vulnerabilities Disclosed Across Popular Software Platforms
Several critical vulnerabilities have been disclosed affecting a range of widely used software platforms, including the Linux InputPlumber component, Apache Uniffle, legacy Vivotek cameras, Ubuntu Linux Kernel, Apache Struts 2, and React Router. Each vulnerability presents unique risks, such as remote code execution, information disclosure, privilege escalation, and unauthorized access, potentially impacting both enterprise and consumer environments. Security advisories urge immediate attention to patching and mitigation, as attackers could exploit these flaws to compromise systems, intercept sensitive data, or disrupt operations. The Ubuntu Linux Kernel advisory details multiple CVEs affecting various LTS versions, with potential impacts including denial of service, elevation of privilege, and information disclosure. Other reports highlight specific vulnerabilities: InputPlumber flaws could allow hijacking of Linux gaming sessions, Apache Uniffle and Struts 2 flaws expose clusters and data to eavesdropping and leakage, React Router's CVE-2025-61686 could lead to server file exposure, and unpatched Vivotek cameras are broadcasting live video feeds publicly. Organizations are advised to review vendor advisories and apply security updates promptly to mitigate these threats.
Mar 21, 2026
Multiple High-Impact Vulnerabilities Disclosed Across Diverse Software Products
A series of critical and high-severity vulnerabilities have been disclosed affecting a wide range of software products, including network devices, workflow automation platforms, document management systems, and developer tools. Notable issues include command injection flaws in TRENDnet TEW-800MB routers (CVE-2025-15136, CVE-2025-15137), remote code execution vulnerabilities in Xspeeder SXZOS (CVE-2025-54322), Eigent (CVE-2025-68952), StreamVault (CVE-2025-66203), n8n (CVE-2025-68668), and Yealink T21P_E2 phones (CVE-2025-66738). Additional vulnerabilities involve authentication bypasses in IBM API Connect (CVE-2025-13915) and Eaton UPS Companion (CVE-2025-59887), a session token capture flaw in M-Files Server (CVE-2025-13008), prototype pollution in apidoc-core (CVE-2025-13158), and a blind SQL injection in Cloudlog (CVE-2024-44065). Several of these vulnerabilities allow for remote exploitation, with some exploits already publicly available. Vendors have responded with patches for many of the affected products, such as Eigent, StreamVault, lmdeploy, and n8n, while some issues remain with public exploits and no vendor response, as seen with TRENDnet. The vulnerabilities present risks ranging from arbitrary code execution and privilege escalation to unauthorized access and data exposure. Organizations using the affected products are strongly advised to review the relevant advisories, apply available patches, and implement recommended mitigations to reduce the risk of exploitation. The diversity and severity of these vulnerabilities underscore the importance of timely vulnerability management and monitoring for emerging threats across the software supply chain.
Mar 21, 2026