8676 matches found
RLSA-2026:11510 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Arbitrary Command Injection
Overview mcp-server-semgrep is a MCP Server for Semgrep Integration - static code analysis with AI Affected versions of this package are vulnerable to Arbitrary Command Injection via the analyzeresults, filterresults, exportresults, compareresults, scandirectory, or createrule functions in the MC...
IBM Langflow Desktop 代码注入漏洞
IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain a code injection vulnerability. This vulnerability allows attackers to execute arbitrary commands with privileges to run the Langflow process,...
RockyLinux 8 : vim (RLSA-2026:11509)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11509 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the RockyLinux...
Amazon Linux 2 : vim, --advisory ALAS2-2026-3251 (ALAS-2026-3251)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3251 advisory. A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline ...
AlmaLinux 9 : vim (ALSA-2026:11510)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:11510 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the AlmaLinux...
MiracleLinux 8 : vim-8.0.1763-22.el8_10.3.ML.1 (AXSA:2026-517:10)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-517:10 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the MiracleLin...
RHEL 10 : openssh (RHSA-2026:12389)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:12389 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
Important: vim
Issue Overview: A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed. Additionally, the mapset function lacks a checksecure call,...
Exploit for OS Command Injection in Kubeai
CVE-2026-34940 — OS Command Injection in KubeAI via Model URL...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
RHEL 10 : vim (RHSA-2026:11389)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11389 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass...
ALSA-2026:11509 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
Security Bulletin: Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint
Summary IBM Langflow Desktop contains a vulnerability in its code validation functionality where the /api/v1/validate/code endpoint uses Python's exec to process user-supplied input and fails to account for decorator execution during function definition parsing, allowing authenticated attackers t...
vim: arbitrary command execution via modeline sandbox bypass
A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...
ALSA-2026:11389 Important: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
CVE-2026-33453
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to...
CVE-2026-33277
An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user...