CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

CVE-2026-52859

A flaw was found in Vim, an open-source command-line text editor. This vulnerability allows a program displaying output in a Vim terminal window to trigger an out-of-bounds write by sending a specific byte sequence. This can lead to a crash of the Vim application, resulting in a Denial of Service...

PT-2026-48993

Name of the Vulnerable Software and Affected Versions kitty versions prior to 0.47.3 Description In the kitty GPU-based terminal, the OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell input without proper sanitization. Recommendations Update t...

EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2026-2392)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

EulerOS Virtualization 2.13.0 : vim (EulerOS-SA-2026-2421)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

ALPINE-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

UBUNTU-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVE-2026-52859

CVE-2026-52859 : Vim contains an out-of-bounds read in update_snapshot() (src/terminal.c) when taking a terminal snapshot. For cells that fill all 6 slots, libvterm can omit a terminating NUL, causing the loop to read past the six-element chars[] and append extra data to the scrollback buffer. Af...

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

EUVD-2026-36283

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7701-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7701-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

FreeBSD : FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl (71036b90-6476-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 71036b90-6476-11f1-958d-bc241121aa0a advisory. The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value...

Vim 缓冲区错误漏洞

Vim is an open-source, cross-platform text editor developed by Vim. Versions of Vim prior to 9.2.0565 contained a buffer error vulnerability. This vulnerability stemmed from the updatesnapshot function, which performed a copy of the visible terminal screen into the scroll buffer. During this...

Linux Distros Unpatched Vulnerability : CVE-2026-52859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen int...

PT-2026-48722

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0565 Description The update snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer during a snapshot. The process involves iterating through the chars array of each screen ce...