Vim >= 9.1.0011 < 9.2.0137 NULL Pointer Dereference (GHSA-9phh-423r-778r)

The version of Vim installed on the remote host is between 9.1.0011 inclusive and 9.2.0137 exclusive. It is, therefore, affected by a vulnerability as referenced in the GHSA-9phh-423r-778r advisory. - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA reg...

SUSE CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

Linux Distros Unpatched Vulnerability : CVE-2026-32249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combini...

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249

Vim vulnerability CVE-2026-32249 affects versions 9.1.0011 up to before 9.2.0137, in the NFA regex compiler. When a collection contains a combining character as the endpoint of a character range (e.g., [0-0\u05bb]), the compiler emits the composing bytes as separate NFA states, corrupting the NFA...

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

Cisco Snort _bnfa_search_csparse_nfa Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bnfasearchcsparsenfa method. The issue results from the lack of proper validatio...

Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability. The specific flaw exists within the bnfasearchcsparsenfa method. The issue results from the lack of validating the existence...

PT-2026-25059

Name of the Vulnerable Software and Affected Versions Vim versions 9.1.0011 through 9.2.0136 Description Vim, a command line text editor, has an issue where its NFA regex compiler can experience a segmentation fault. This occurs when the compiler encounters a character range containing a combinin...

Malicious code in nuilva-dakdre-nfa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97dd5b0a7b3f08b3f91f7a4ee4c4eedbb8e69da5634f77deb72bbb51d9a480ba This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-139474

Malicious code in nuilva-dakdre-nfa npm...

EUVD-2025-144568

Malicious code in augis-pom9r-nfa npm...

EUVD-2023-25521

Malicious code in bioql PyPI...

MAL-2025-6639 Malicious code in nf-nfa-types (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in nf-nfa-types (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2023-21352

In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2019-2207

In nfahcihandleadmingatersp of nfahciact.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

PT-2024-40644 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java versions affected versions not specified Description: The issue is related to a security exception in the Java java.util.zip package. Specifically, the crash occurs in the jflex.core.NFA.insertNFA and...

PT-2024-40834 · Jflex · Jflex

Name of the Vulnerable Software and Affected Versions: jflex affected versions not specified Description: A security exception crash has been reported. The crash occurs in the jflex.core.NFA.insertNFA function, which is called by java.base/java.lang.ClassLoader.defineClass1 and...

OSV-2024-668 Security exception in jflex.core.NFA.insertNFA

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70514 Crash type: Security exception Crash state: jflex.core.NFA.insertNFA java.base/java.lang.ClassLoader.defineClass1 java.base/java.lang.ClassLoader.defineClass...