CVE-2026-5525

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...

Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

PT-2026-42044

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., " or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

CLSA-2026-1777540724 cups: Fix of CVE-2023-4504

CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...

Notepad++ <= 8.9.3 Stack-based Buffer Overflow (CVE-2026-5525)

The version of Notepad++ installed on the remote host is 8.9.3 or earlier. It is, therefore, affected by a stack-based buffer overflow vulnerability: - A stack-based buffer overflow exists in the file drop handler component WMDROPFILES. When a user drags and drops a directory path of exactly 259...

CVE-2026-5525

CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...

GHSA-93M4-6634-74Q7 vite allows server.fs.deny bypass via backslash on Windows

Summary Files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - running the de...

PT-2025-42804

Name of the Vulnerable Software and Affected Versions Vite versions 2.9.18 through 3.0.0 Vite versions 3.2.9 through 4.0.0 Vite versions 4.5.3 through 5.0.0 Vite versions 5.2.6 through 5.4.21 Vite versions 6.0.0 through 6.4.1 Vite versions 7.0.0 through 7.0.8 Vite versions 7.1.0 through 7.1.11...

VulnCheck KEV: CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

SUSE CVE-2004-1316

Heap-based buffer overflow in MSGUnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service application crash via an NNTP URL news: with a trailing '' backslash character, which prevents a string from being NULL terminated...

SUSE CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

CLSA-2022-1653329020 Fix CVE(s): CVE-2022-1629, CVE-2022-1616, CVE-2022-1620, CVE-2022-1621, CVE-2022-1619

SECURITY UPDATE: Going before the start of the command line - debian/patches/CVE-2022-1619.patch: Check already being at the start of the command line - CVE-2022-1619 SECURITY UPDATE: NULL pointer access when using invalid pattern - debian/patches/CVE-2022-1620.patch: Check for failed regexp...

CLSA-2022-1653328424 Fixed CVEs in vim: CVE-2022-1616, CVE-2022-1621, CVE-2022-1620, CVE-2022-1629, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalig regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalig regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

CLSA-2022-1653006752 Fixed CVEs in vim: CVE-2022-1620, CVE-2022-1616, CVE-2022-1629, CVE-2022-1621, CVE-2022-1619

CVE-2022-1619: fix going before the command line start with latin1 encoding - CVE-2022-1620: fix NULL pointer dereference when using invalig regexp - CVE-2022-1621: fix to avoid adding invalid bytes with :spellgood - CVE-2022-1629: fix reading past end of line if ended with trailing backslash -...

UBUNTU-CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...

Amazon Linux AMI : exim (ALAS-2019-1277)

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.CVE-2019-15846 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1277. include'compat.inc'; ...

DEBIAN-CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...