242 matches found
EUVD-2026-42271
A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...
CVE-2026-47162
A flaw was found in Vim, an open-source text editor. This vulnerability, located in the netrw plugin, involves a code injection issue when the editor processes directory paths. A malicious directory name, if crafted by an attacker, could bypass security measures and allow for the execution of...
PT-2026-50410
Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 2.2.1 Apache Shiro versions prior to 3.0.0-alpha-2 Description A remote attacker can inject LDAP special characters into the Distinguished Name DN construction within the DefaultLdapRealm class. User-supplied...
Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
...
CVE-2026-47162
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...
CVE-2026-47162
Vim (with the netrw plugin) is affected by CVE-2026-47162 due to a Vimscript code injection in s:NetrwBookHistSave() when serializing directory paths to the history file ~/.vim/.netrwhist. A directory name from the filesystem can be interpolated into a single-quoted Vimscript string literal witho...
CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...
EUVD-2026-36281
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...
CVE-2026-46746
Vulnerability summary (CVE-2026-46746): In Siemens SINEC INS, all versions prior to V1.0 SP2 Update 6 expose a flaw in the /api/sftp/uploadFiles endpoint. The app does not properly sanitize user input, enabling injection of shell command payloads via crafted directory names. These payloads are st...
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
PT-2026-45548
A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...
Astra Linux – Vulnerability in libgit2
libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, improper use of the gitindexadd function can lead to heap corruption, which may be exploited for arbitrary...
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
EUVD-2026-25403
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability...
CVE-2026-1951
Technical details for CVE-2026-1951 are not publicly available in the provided documents. Monitor for updates.
SUSE CVE-2026-6843
A flaw was found in nano. A local user could exploit a format string vulnerability in the statusline function. By creating a directory with a name containing printf specifiers, the application attempts to display this name, leading to a segmentation fault SEGV. This results in a Denial of Service...
PT-2026-34859
CVE-2026-1951 Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. https://t.co/KudN90cAFS...