Advisory ROSA-SA-2026-3240

software: vim 9.1.2128 WASP: ROSA-CHROME unaffected versions = vim-9.1.2128-1 affected versions vim-9.1.2128-1 CVE-ID: CVE-2025-66476 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Vim for Windows before version 9.1.1947 implements an unreliable search order for external commands: when using cmd.exe, the...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

CVE-2025-66476

An uncontrolled search-path vulnerability in Vim for Microsoft Windows allows an attacker who can place a trojanized executable in a directory opened by the user to cause Vim to run that executable when Vim invokes external commands for example :grep, :!, filters !, :make, or system in Vimscript...

CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

UBUNTU-CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

CVE-2025-66476

Vim for Windows before 9.1.1947 is affected by CVE-2025-66476, an uncontrolled search-path vulnerability that allows launching a malicious executable in the current working directory when Vim resolves external commands (eg. :grep, :!, compiler/make) while using cmd.exe. Affected product: Vim for ...

EUVD-2025-200373

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

EUVD-2008-6343

Malware in sbrugna...

EUVD-2017-15939

Malware in sbrugna...

EUVD-2021-17262

Malware in sbrugna...

Arbitrary Code Injection

Overview pycel is an A library for compiling excel spreadsheets to python code & visualizing them as a graph Affected versions of this package are vulnerable to Arbitrary Code Injection through the code generation from a crafted formula in an Excel spreadsheet cell. An attacker can execute...

Malicious code in sd-template-main (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b1d800f01a52aafc7bee8ab45032560696e9e36ca3c902a4adc7d1245294fc0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 39 Update: golang-github-tdewolff-minify-2.20.18-1.fc39

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...

CVE-2023-3314

A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip files. Incomplete neutralization of external commands used to control the process execution of the .zip application allows an authorized user to obtain control of the .zip application to execute arbitrary...

PT-2023-24189 · Igor Pavlov · 7-Zip

Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 23.01 Description: A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip files. Incomplete neutralization of external commands used to control the process execution of the .zip...

SUSE CVE-2008-6373

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."...

CVE-2021-30331

Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...