CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

CVE-2026-52858

Vim before 9.2.0561 is vulnerable via Python omni-completion (python3complete.vim for +python3, and legacy pythoncomplete.vim for +python) where the current buffer’s sys.path allows importing and executing a sibling package’s top-level code when opening a hostile .py file. Root cause: omni-comple...

SUSE CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

PT-2026-30661

Name of the Vulnerable Software and Affected Versions Lupa versions 2.6 and earlier Description Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In versions 2.6 and earlier, the attribute filter is not consistently applied when attributes are accessed through built-in functions like...

UBUNTU-CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp...

PT-2025-14539 · Crates.Io · Pyo3

PyString::from object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exceptio...

CVE-2021-41168

Summary. Snudown (reddit‑specific fork of Sundown) contains a vulnerability in the reference table hash implementation. The reference hashes use a weak hash function, enabling an attacker to generate many hash collisions, leading to a hash‑collision DoS attack and long retrieval times due to dupl...

Snudown 加密问题漏洞

Snudown is an open source package. It is a reddit-specific branch of the Sundown Markdown parser used by GitHub, with added Python integration. Snudown has a cryptographic problem vulnerability that can be exploited by attackers to conduct DoS attacks...

Modular File Scanning Analysis Framework: MultiScanner

MultiScanner is a file analysis framework that allows the user to evaluate a set of files with a set of tools. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework. Modules a...

Btproxy - Man In The Middle Analysis Tool For Bluetooth

Tested Devices Pebble Steel smart watch Moto 360 smart watch OBDLink OBD-II Bluetooth Dongle Withings Smart Baby Monitor If you have tried anything else, please let me know at conorpp at vt dot edu. Dependencies Need at least 1 Bluetooth card either USB or internal. Need to be running Linux,...

Gnupg2 Memory Misreference Denial of Service Vulnerability

GnuPG is a Python module that allows, from a Python program, to conveniently use the key management, encryption and signing features of GnuPG. GnuPG suffers from a memory misreference denial of service vulnerability that allows an attacker to submit a special request to crash the application...