19 matches found
CVE-2026-44656
A flaw was found in Vim, an open-source command-line text editor. An attacker who controls the contents of a file can exploit an OS command injection vulnerability in Vim's :find command-line completion. This occurs when the path option, which can be set from a modeline, contains backtick-enclose...
Vim < 9.2.0357 Command Injection via Tag Filenames (GHSA-cwgx-gcj7-6qh8)
The version of Vim installed on the remote host is prior to 9.2.0357. It is, therefore, affected by a vulnerability as referenced in the GHSA-cwgx-gcj7-6qh8 advisory. - A command injection vulnerability exists in Vim's tag file processing. A malicious tags file containing backtick-enclosed shell...
Vim < 9.2.0435 OS Command Injection (GHSA-hwg5-3cxw-wvvg)
The version of Vim installed on the remote host is prior to 9.2.0435. It is, therefore, affected by a vulnerability as referenced in the GHSA-hwg5-3cxw-wvvg advisory. - Vim's :find command-line completion feature is affected by an OS command injection vulnerability. When the path option contains...
Linux Distros Unpatched Vulnerability : CVE-2026-44656
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
UBUNTU-CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656 Vim: OS Command Injection via 'path' completion
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
CVE-2026-44656
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...
EUVD-2026-24086
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
PT-2026-33931
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
Linux Distros Unpatched Vulnerability : CVE-2026-33641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...
SUSE CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
DEBIAN-CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
UBUNTU-CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
SUSE CVE-2015-8327
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...