Lucene search
K

4731 matches found

EUVD
EUVD
added 2026/06/12 8:0 p.m.11 views

EUVD-2026-36555

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/12 7:59 p.m.8 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS5.5AI score0.00287EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/06/12 7:59 p.m.6 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.6AI score0.00287EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 7:59 p.m.9 views

EUVD-2026-36553

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 7:59 p.m.11 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/12 8:48 a.m.13 views

CVE-2026-52859

A flaw was found in Vim, an open-source command-line text editor. This vulnerability allows a program displaying output in a Vim terminal window to trigger an out-of-bounds write by sending a specific byte sequence. This can lead to a crash of the Vim application, resulting in a Denial of Service...

8.2CVSS5.2AI score0.00303EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

EulerOS Virtualization 2.13.0 : vim (EulerOS-SA-2026-2421)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

8.2CVSS6.3AI score0.01162EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48993

Name of the Vulnerable Software and Affected Versions kitty versions prior to 0.47.3 Description In the kitty GPU-based terminal, the OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell input without proper sanitization. Recommendations Update t...

7.3CVSS5.2AI score0.00166EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2026-2392)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

8.2CVSS7.8AI score0.01162EPSS
Exploits0References11
OSV
OSV
added 2026/06/11 7:16 p.m.6 views

ALPINE-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS5.5AI score0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.17 views

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.4 views

UBUNTU-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS5.5AI score0.00303EPSS
Exploits0References6
CVE
CVE
added 2026/06/11 6:33 p.m.19 views

CVE-2026-52859

CVE-2026-52859 : Vim contains an out-of-bounds read in update_snapshot() (src/terminal.c) when taking a terminal snapshot. For cells that fill all 6 slots, libvterm can omit a terminating NUL, causing the loop to read past the six-element chars[] and append extra data to the scrollback buffer. Af...

8.2CVSS5.7AI score0.00303EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 6:33 p.m.8 views

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS5.7AI score0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 6:33 p.m.35 views

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 6:33 p.m.10 views

EUVD-2026-36283

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS5.7AI score0.00303EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/11 6:33 p.m.7 views

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS5.6AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.11 views

PT-2026-48722

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0565 Description The update snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer during a snapshot. The process involves iterating through the chars array of each screen ce...

8.2CVSS5.5AI score0.00303EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

Vim 缓冲区错误漏洞

Vim is an open-source, cross-platform text editor developed by Vim. Versions of Vim prior to 9.2.0565 contained a buffer error vulnerability. This vulnerability stemmed from the updatesnapshot function, which performed a copy of the visible terminal screen into the scroll buffer. During this...

8.2CVSS5.6AI score0.00303EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-52859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen int...

8.2CVSS6AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder