
10263 matches found

CVE
added 2026/04/08 8:18 p.m. | 82 views

CVE-2026-39881

CVE-2026-39881 : Vim prior to 9.2.0316 is vulnerable to a command-injection in Vim's netbeans interface. The issue arises from unsanitized strings in the defineAnnoType and specialKeys protocol messages, allowing a malicious NetBeans server that Vim connects to to execute arbitrary Ex commands. T...

CVSS 7.8 | AI score 6.1 | EPSS 0.00009
Exploits 0 | References 3 | Affected Software 1
Debian CVE
added 2026/04/08 8:18 p.m. | 3 views

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

CVSS 7.8 | AI score 5.8 | EPSS 0.00009
Exploits 0
Cvelist
added 2026/04/08 8:18 p.m. | 17 views

CVE-2026-39881 Vim Ex command injection in Vim's NetBeans integration

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

CVSS 5 | EPSS 0.00009
Exploits 0 | References 3
Snyk
added 2026/04/08 3:3 p.m. | 4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the handling of table captions during the rendering process. An attacker can execute arbitrary code with the privileges of the desktop client by syncing a crafted note containing malicious HTML or JavaScript ...

CVSS 9 | AI score 6 | EPSS 0.00063
Exploits 1 | References 3
EUVD
added 2026/04/08 3:3 p.m. | 1 view

EUVD-2026-19973

SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions...

CVSS 9 | AI score 6 | EPSS 0.00063
Exploits 1 | References 2
NVD
added 2026/04/08 9:16 a.m. | 3 views

CVE-2026-39713

Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mailercloud – Integrate webforms and...

CVSS 5.3 | EPSS 0.0004
Exploits 0 | References 1
Vulnrichment
added 2026/04/08 8:30 a.m. | 1 view

CVE-2026-39713 WordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mailercloud – Integrate webforms and...

CVSS 5.3 | AI score 5.2 | EPSS 0.0004
Exploits 0 | References 1
Cvelist
added 2026/04/08 8:30 a.m. | 21 views

CVE-2026-39713 WordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mailercloud – Integrate webforms and...

CVSS 5.3 | EPSS 0.0004
Exploits 0 | References 1
Cvelist
added 2026/04/08 8:30 a.m. | 20 views

CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6...

CVSS 5.3 | EPSS 0.0004
Exploits 0 | References 1
Vulnrichment
added 2026/04/08 8:30 a.m. | 2 views

CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DEPART: from n/a through <= 1.0.7...

AI score 5.8 | EPSS 0.00032
Exploits 0 | References 1
Vulnrichment
added 2026/04/08 8:30 a.m. | 0 views

CVE-2026-39535 WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display Eventbrite Events: from n/a through <= 6.5.6...

AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1
Fedora
added 2026/04/08 12:54 a.m. | 3 views

[SECURITY] Fedora 43 Update: goose-1.23.2-7.fc43

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

CVSS 6.5 | AI score 6.1 | EPSS 0.00019
Exploits 1
Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31611

Name of the Vulnerable Software and Affected Versions Palo Alto Cortex XSOAR and Cortex XSIAM versions prior to 1.5.52 Description A flaw in the Microsoft Teams integration for Cortex XSOAR and Cortex XSIAM allows attackers to access and modify sensitive data without authentication. The integrati...

CVSS 9.2 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 11
CNNVD
added 2026/04/08 12:0 a.m. | 3 views

WordPress plugin Mailercloud Integrate webforms and synchronize website contacts security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 1
UbuntuCve
added 2026/04/08 12:0 a.m. | 8 views

CVE-2026-39881

Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol...

CVSS 7.8 | AI score 6.1 | EPSS 0.00009
Exploits 0 | References 4
SUSE CVE
added 2026/04/07 11:25 p.m. | 2 views

SUSE CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVSS 10 | AI score 6 | EPSS 0.00051
Exploits 1 | References 3
CVE
added 2026/04/07 9:34 p.m. | 5 views

CVE-2026-39846

CVE-2026-39846 – SiYuan Electron desktop client is affected prior to 3.6.4. A crafted note with table caption content that is stored without safe escaping can be unescaped in rendered HTML, creating a stored XSS sink. Since the desktop renderer runs with nodeIntegration enabled and contextIsolati...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits 1 | References 1 | Affected Software 1
OSV
added 2026/04/07 3:48 p.m. | 3 views

GHSA-69V7-XPR6-6GJM Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary: The attribute_filter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

CVSS 10 | AI score 6.5 | EPSS 0.00051
Exploits 1 | References 3
Positive Technologies
added 2026/04/07 12:0 a.m. | 1 view

PT-2026-31031

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description SiYuan, a personal knowledge management system, is susceptible to remote code execution in the Electron desktop client prior to version 3.6.4. This occurs because table caption content is stored and...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits 1 | References 9
Positive Technologies
added 2026/04/07 12:0 a.m. | 3 views

PT-2026-31315

Name of the Vulnerable Software and Affected Versions Nix versions prior to 2.34.5 Nix versions prior to 2.33.4 Nix versions prior to 2.32.7 Nix versions prior to 2.31.4 Nix versions prior to 2.30.4 Nix versions prior to 2.29.3 Nix versions prior to 2.28.6 Description A flaw exists in the fix for...

CVSS 9 | AI score 6 | EPSS 0.00013
Exploits 0 | References 17