
101 matches found

OSV
added 2026/02/27 10:4 p.m., 4 views

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 6

Cvelist
added 2026/02/27 10:4 p.m., 18 views

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | EPSS 0.00177
Exploits 0 | References 3

Vulnrichment
added 2026/02/27 10:4 p.m., 3 views

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 3

ATTACKERKB
added 2026/02/27 10:4 p.m., 8 views

CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 4 | Affected Software 1

EUVD
added 2026/02/27 10:4 p.m., 4 views

EUVD-2026-9088

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 3

CVE
added 2026/02/27 10:4 p.m., 232 views

CVE-2026-28420

Vim has a heap-based buffer overflow (WRITE) and an out-of-bounds read (READ) in its terminal emulator when processing maximum Unicode supplementary plane combining characters. This affects Vim versions prior to 9.2.0076. The issue is resolved in 9.2.0076, per the advisories and CVE records. Down...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 4 | Affected Software 1

AlpineLinux
added 2026/02/27 10:4 p.m., 2 views

CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 6.1 | EPSS 0.00177
Exploits 0 | References 4

Debian CVE
added 2026/02/27 10:4 p.m., 5 views

CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue...

CVSS 4.4 | AI score 5.9 | EPSS 0.00177
Exploits 0

Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2026-22419

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0076 Description Vim is an open source, command line text editor. A heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode...

CVSS 7.8 | AI score 6.1 | EPSS 0.01162
Exploits 0 | References 72

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 4 : screen-4.0.3-19.0.1.AXS4 (AXSA:2021-1631:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1631:02 advisory. screen: crash when processing combining chars CVE-2021-26937 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 9.8 | AI score 5.6 | EPSS 0.09147
Exploits 1 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : screen-4.1.0-0.27.20120314git3c2946.el7 (AXSA:2021-1601:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1601:01 advisory. screen: crash when processing combining chars CVE-2021-26937 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 9.8 | AI score 5.6 | EPSS 0.09147
Exploits 1 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 4 : xterm-253-1.0.1.AXS4 (AXSA:2021-1537:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1537:02 advisory. xterm: crash when processing combining characters CVE-2021-27135 CVEs: CVE-2021-27135 Tenable has extracted the preceding description block directly from the...

CVSS 9.8 | AI score 5.6 | EPSS 0.07541
Exploits 1 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 7 : xterm-295-3.el7.1 (AXSA:2021-1554:03)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1554:03 advisory. xterm: crash when processing combining characters CVE-2021-27135 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

CVSS 9.8 | AI score 5.6 | EPSS 0.07541
Exploits 1 | References 2

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-25059

Name of the Vulnerable Software and Affected Versions Vim versions 9.1.0011 through 9.2.0136 Description Vim, a command line text editor, has an issue where its NFA regex compiler can experience a segmentation fault. This occurs when the compiler encounters a character range containing a combinin...

CVSS 5.5 | AI score 6 | EPSS 0.00133
Exploits 0 | References 30

EUVD
added 2025/10/24 12:30 a.m., 4 views

EUVD-2025-35736

The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files i...

CVSS 6.9 | AI score 6.4 | EPSS 0.00508
Exploits 0 | References 2

RubySec
added 2025/10/07 12:0 a.m., 11 views

URI Credential Leakage Bypass

A vulnerability in the URI library bundled with Ruby allows sensitive user credentials such as usernames or passwords in a URI to be unintentionally leaked when combining URIs using the + operator. This issue bypasses the previous fix for CVE-2025-27221. The issue affects Ruby's built-in URI...

CVSS 7.5 | AI score 7.2 | EPSS 0.0051
Exploits 0 | References 1 | Affected Software 1

SUSE CVE
added 2024/09/14 2:51 a.m., 2 views

SUSE CVE-2024-46689

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected...

CVSS 5.5 | AI score 6.4 | EPSS 0.00235
Exploits 0 | References 15

CNNVD
added 2024/09/13 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mapping shared memory as WC instead of WB, which could lead to a security outage and an infinite loop in the...

CVSS 5.5 | AI score 6.3 | EPSS 0.00235
Exploits 0 | References 8

Cvelist
added 2024/03/26 12:0 a.m., 17 views

CVE-2017-20190

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should b...

AI score 6.5 | EPSS 0.00262
Exploits 0 | References 3

Vulnrichment
added 2024/03/26 12:0 a.m., 18 views

CVE-2017-20190

Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational cost of interpreting Unicode data should b...

AI score 6.9 | EPSS 0.00262
Exploits 0 | References 3