vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

vim: Vim: Arbitrary code execution via 'helpfile' option processing

A flaw was found in Vim, an open source, command line text editor. This heap buffer overflow vulnerability exists in the tag file resolution logic when processing the 'helpfile' option. A local user could exploit this by providing a specially crafted 'helpfile' option value, leading to a heap...

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

dye 代码注入漏洞

Dye is a portable library developed by Mattie’s personal developer, designed for adding colors and styles to shell script outputs. Versions of dye prior to 1.1.1 contained a code injection vulnerability; this vulnerability stemmed from certain template expressions that could allow arbitrary code ...

Ubuntu: Security Advisory (USN-8146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : freerdp (RHSA-2026:6616)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6616 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

RHEL 7 : vim (RHSA-2026:6617)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6617 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

Text Generation Web UI 路径遍历漏洞

Text Generation Web UI is a local AI UI interface developed by oobabooga’s individual developer. Versions of Text Generation Web UI prior to 4.1.1 contained a path traversal vulnerability. This vulnerability stems from allowing extended settings to be saved in the py format, which can overwrite...

PT-2026-30661

Name of the Vulnerable Software and Affected Versions Lupa versions 2.6 and earlier Description Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In versions 2.6 and earlier, the attribute filter is not consistently applied when attributes are accessed through built-in functions like...

RHEL 9 : vim (RHSA-2026:6619)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6619 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

BentoML 安全漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a security vulnerability. This vulnerability stemmed from the Dockerfile...

RHEL 8 : freerdp (RHSA-2026:6712)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6712 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

RHEL 9 : vim (RHSA-2026:6620)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6620 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via 'helpfile' optio...

CVE-2019-25685

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Incomplete Filtering of Special Elements

Overview PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security. Affected...

Linux Distros Unpatched Vulnerability : CVE-2026-33641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...

SUSE CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...