37 matches found
CVE-2026-9604 JeecgBoot AiragModelController access control
A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...
PT-2026-41148
Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary: run dbt command in src/dbt_mcp/dbt_cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-016508)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016508 advisory. The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf...
CVE-2025-13445
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-13445 Tenda AC21 SetIpMacBind stack-based overflow
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used...
CVE-2025-12595
CVE-2025-12595 affects Tenda AC23, version 16.03.07.52. The issue is in the function formSetVirtualSer of /goform/SetVirtualServerCfg, where manipulating the argument list leads to a buffer overflow. The vulnerability can be triggered remotely and public exploits/PoCs exist. Connected sources ind...
EUVD-2025-32699
A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and coul...
EUVD-2024-40255
Malicious code in bioql PyPI...
TencentOS Server 4: vim (TSSA-2024:0372)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0372 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
grub2: commands/extcmd: Missing check for failed allocation
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading...
OESA-2025-1216 grub2 security update
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the...
DEBIAN-CVE-2024-45775
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-2931)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2925)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this...
EulerOS 2.0 SP12 : vim (EulerOS-SA-2024-2931)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this...
CVE-2024-51754 Unguarded calls to __toString() when nesting an object into an array in Twig
Twig is a template language for PHP. In a sandbox, an attacker can call __toString() on an object even if the __toString() method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in...
OESA-2024-2026 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
SUSE CVE-2024-43374
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf autocommands. If in such an autocommand the buffer that was just opened is closed including the window where it is shown, this causes...
CVE-2024-43374
A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containi...
CVE-2024-43374
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers Buf autocommands. If in such an autocommand the buffer that was just opened is closed including the window where it is shown, this causes...