6 matches found
CLSA-2026-1779130193 vim: Fix of CVE-2022-3520
CVE-2022-3520: clamp bopend.col = 0 in doput to prevent Visual block put underflow...
CLSA-2026-1777455188 vim: Fix of CVE-2022-3520
CVE-2022-3520: fix heap buffer overflow in doput when Visual-block put causes the end-column to underflow to a negative value...
CLSA-2026-1777391151 vim: Fix of CVE-2022-3520
CVE-2022-3520: fix heap buffer overflow in doput when Visual-block put causes the end-column to underflow to a negative value...
CVE-2025-62515 Remote Code Execution by Pickle Deserialization via FlightServer in pyquokka
pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation in the doaction method. The vulnerable code is locate...
GHSA-F74J-GFFQ-VM9P pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
Description: In the FlightServer class of the pyquokka framework, the doaction method directly uses pickle.loads to deserialize action bodies received from Flight clients without any sanitization or validation, which results in a remote code execution vulnerability. The vulnerable code is located...
Heap-based Buffer Overflow
vim is vulnerable to a heap-based buffer overflow. The vulnerability exists in the doput function of register.c because the command column can become negative, which allows an attacker to cause a buffer overflow...