CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

CVE-2026-52858

Vim before 9.2.0561 is vulnerable via Python omni-completion (python3complete.vim for +python3, and legacy pythoncomplete.vim for +python) where the current buffer’s sys.path allows importing and executing a sibling package’s top-level code when opening a hostile .py file. Root cause: omni-comple...

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

EUVD-2026-36293

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

CVE-2026-11774

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

CVE-2026-11774

CVE-2026-11774 affects the SASL I/O layer in 389-ds-base (389 Directory Server). A crafted SASL packet with a length prefix of 0xFFFFFFFC triggers an unsigned wraparound when sasl_io_start_packet() adds sizeof(uint32_t), bypassing nsslapd-maxsasliosize and causing a heap buffer overflow of up to ...

CVE-2026-48546 KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

EUVD-2026-36273

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVE-2026-48546 KanaDojo < 0.1.18 Sandbox Escape RCE via messages.cjs

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox-escape RCE in the issue-auto-respond.yml workflow. The root cause is explicit passing of the global require into a Node.js vm.runInNewContext() sandbox, allowing an attacker to modify messages.cjs to import arbitrary Node.js modules and achieve remote cod...

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

CVE-2026-46529

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

SUSE-SU-2026:2378-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted web content may lead to an unexpected process crash or arbitrary code execution due to a heap buffer overflow bsc1267506. - CVE-2026-28883: processing maliciously...

CVE-2026-8637

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges...

CVE-2026-52751

Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes...