
520556 matches found

Cvelist
added 2026/06/11 6:33 p.m. | 26 views

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVSS 7.5 | EPSS 0.00228
Exploits: 0 | References: 4

CVE
added 2026/06/11 6:33 p.m. | 20 views

CVE-2026-52860

Vim before version 9.2.0597 is affected by a Python omni-completion vulnerability: reconstructed function and class definitions from the current buffer are executed via exec(), allowing attacker-controlled Python expressions to run during completion. This can impact confidentiality, integrity, an...

CVSS 7.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2026/06/11 6:33 p.m. | 5 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVSS 7.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0

AlpineLinux
added 2026/06/11 6:33 p.m. | 5 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVSS 7.8 | AI score 5.7 | EPSS 0.00228
Exploits: 0 | References: 4

Vulnrichment
added 2026/06/11 6:33 p.m. | 6 views

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVSS 6.9 | AI score 5.7 | EPSS 0.00307
Exploits: 0 | References: 3

EUVD
added 2026/06/11 6:33 p.m. | 7 views

EUVD-2026-36283

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVSS 6.9 | AI score 5.7 | EPSS 0.00307
Exploits: 0 | References: 3

Cvelist
added 2026/06/11 6:33 p.m. | 26 views

CVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVSS 6.9 | EPSS 0.00307
Exploits: 0 | References: 3

CVE
added 2026/06/11 6:33 p.m. | 13 views

CVE-2026-52859

CVE-2026-52859: Vim contains an out-of-bounds read in update_snapshot() (src/terminal.c) when taking a terminal snapshot. For cells that fill all 6 slots, libvterm can omit a terminating NUL, causing the loop to read past the six-element chars[] and append extra data to the scrollback buffer. Af...

CVSS 8.2 | AI score 5.7 | EPSS 0.00307
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/06/11 6:33 p.m. | 5 views

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVSS 8.2 | AI score 5.7 | EPSS 0.00307
Exploits: 0

AlpineLinux
added 2026/06/11 6:33 p.m. | 5 views

CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

CVSS 8.2 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 3

NVD
added 2026/06/11 6:16 p.m. | 8 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVSS 8.5 | EPSS 0.00487
Exploits: 0 | References: 3

Talos Blog
added 2026/06/11 6:00 p.m. | 9 views

A tale of two eras

Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...

AI score 5.8
Exploits: 0

Vulnrichment
added 2026/06/11 5:53 p.m. | 6 views

CVE-2026-48546 KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVSS 8.5 | AI score 6.7 | EPSS 0.00487
Exploits: 0 | References: 3

Cvelist
added 2026/06/11 5:53 p.m. | 23 views

CVE-2026-48546 KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVSS 8.5 | EPSS 0.00487
Exploits: 0 | References: 3

EUVD
added 2026/06/11 5:53 p.m. | 5 views

EUVD-2026-36273

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVSS 8.5 | AI score 6.7 | EPSS 0.00487
Exploits: 0 | References: 3

CVE
added 2026/06/11 5:53 p.m. | 13 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox-escape RCE in the issue-auto-respond.yml workflow. The root cause is explicit passing of the global require into a Node.js vm.runInNewContext() sandbox, allowing an attacker to modify messages.cjs to import arbitrary Node.js modules and achieve remote cod...

CVSS 8.5 | AI score 6.7 | EPSS 0.00487
Exploits: 0 | References: 3

OSV
added 2026/06/11 5:16 p.m. | 4 views

DEBIAN-CVE-2026-44489

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

CVSS 5.3 | AI score 5.3 | EPSS 0.00305
Exploits: 1 | References: 1

NVD
added 2026/06/11 5:16 p.m. | 8 views

CVE-2026-44489

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

CVSS 5.3 | EPSS 0.00305
Exploits: 1 | References: 1

OSV
added 2026/06/11 5:16 p.m. | 3 views

UBUNTU-CVE-2026-44489

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

CVSS 5.3 | AI score 5.3 | EPSS 0.00305
Exploits: 1 | References: 3

Wordfence Blog
added 2026/06/11 5:13 p.m. | 52 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)

Last week, there were 159 vulnerabilities disclosed in 142 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 96 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

AI score 6.9
Exploits: 0