Lucene search
K

1588 matches found

Nuclei
Nuclei
added 7 hours ago78 views

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml and similar pathnames for other languages via the auto-completion plugin, which contain all characters typed by all users, including the content of...

5.3CVSS6.2AI score0.13372EPSS
Exploits2References5
CVE
CVE
added yesterday7 views

CVE-2026-53365

CVE-2026-53365 concerns the Linux kernel patch for vsock/virtio zerocopy completion across multi-skb sends. The fix ensures zerocopy uarg is allocated before the send loop and attached to every skb via skb_zcopy_set(), so each skb carries a reference and completion decrements correctly. This prev...

6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-59858

A command injection vulnerability in Vim's C omni-completion script allows an attacker to execute arbitrary commands if a user is tricked into opening a maliciously crafted tags file and manually invoking the autocomplete feature. Mitigation Users are advised to avoid opening untrusted C source...

8.4CVSS6.3AI score0.00137EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-59856

A flaw was found in Vim, an open-source command-line text editor. The PHP omni-completion script improperly handles specially crafted input. When a victim opens a malicious PHP file and invokes omni-completion, an unescaped class or trait name can be interpreted as Ex commands. This allows a remo...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43162

The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 via the wcfmproductarchive due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS6.2AI score0.0025EPSS
Exploits0References12
CVE
CVE
added 4 days ago7 views

CVE-2026-12761

Summary (CVE-2026-12761) The miniOrange Social Login and Register plugin for WordPress is vulnerable through the Profile Completion OTP flow in versions up to and including 7.7.0. The flow accepts an arbitrary email via the email_field POST parameter and does not verify that the email belongs to ...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References6
CVE
CVE
added 4 days ago7 views

CVE-2026-46388

CVE-2026-46388 affects osquery. Prior to version 5.23.1, unprivileged attackers could read contents of an osquery file carve before the carve completes, due to in-progress carve directories not being created with private permissions. If the carve targets a directory the attacker controls, arbitra...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References4
NVD
NVD
added 5 days ago6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS0.00169EPSS
Exploits1References2
NVD
NVD
added 5 days ago6 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 5 days ago45 views

CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS0.00169EPSS
Exploits1References2
CVE
CVE
added 5 days ago11 views

CVE-2026-59856

Vim (opensource editor) vulnerability CVE-2026-59856 affects versions prior to 9.2.0736. The PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class/trait name from the edited buffer into a search() pattern executed by win_execute() without escaping. If the name contai...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6AI score0.00137EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago44 views

CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-59858

Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...

8.4CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0
AlpineLinux
AlpineLinux
added 5 days ago5 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References2
Rows per page
Query Builder