EUVD-2026-39531

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

CVE-2026-56789

RTKLIB 2.4.3 is affected by a heap buffer overflow and out-of-bounds stack read in readrnxobsb (src/rinex.c). The issue arises when RINEX epoch headers declare more than 64 satellites per epoch, allowing memory corruption and potentially crashing applications such as rnx2rtkp and RTKPOST. Connect...

CVE-2026-57452

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVE-2026-55892

Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...

CVE-2026-55693

Vim prior to 9.2.0653 is affected by a stack-out-of-bounds write in tree_count_words() (src/spellfile.c) when loading crafted .spl/.sug files for spell suggestions. The depth counter can exceed the fixed MAXWLEN-element stacks (arridx[], curi[], wordcount[]), causing writes past array bounds, cor...

CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...

EUVD-2026-39449

Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...

CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

CVE-2026-57452

Vim (affected: Vim 9.2.x prior to 9.2.0671) is vulnerable when opening files encrypted with VimCrypt~04!/VimCrypt~05! using the libsodium secretstream path, where an unsigned length underflow for bodies shorter than a secretstream header causes a decryption call to read past the input buffer, cra...

EUVD-2026-39448

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

CVE-2026-57455

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...

CVE-2026-57434

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

CVE-2026-57236

Nokogiri (Ruby) vulnerability CVE-2026-57236 affects the CRuby/libxml2 backend. Before 1.19.4, Document#encoding= with an invalid encoding frees the current encoding string but does not replace it, leaving freed memory referenced. The next encoding call may read invalid memory, causing a segfault...

CVE-2026-47146

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

CVE-2026-47148

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

CVE-2026-42387

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

CVE-2026-42388

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...