CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488
CVE-2026-0488 affects SAP CRM and SAP S/4HANA (Scripting Editor) via a flaw in a generic function module call that an authenticated attacker can abuse to execute an arbitrary SQL statement. This can lead to full database compromise with high impact to confidentiality, integrity, and availability....
[SECURITY] Fedora 43 Update: sad-0.4.32-4.fc43
Space Age seD - Batch File Edit tool. It will show you a really nice diff of proposed changes before you commit them...
[SECURITY] Fedora 43 Update: rust-git-interactive-rebase-tool-2.4.1-15.fc43
Full-featured terminal-based sequence editor for Git interactive rebase...
[SECURITY] Fedora 43 Update: helix-25.07.1-7.fc43
A Kakoune / Neovim inspired editor, written in Rust...
Zed Security Vulnerability
Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.219.4 contained security vulnerabilities. These vulnerabilities stemmed from insufficient display of tool invocation parameters, allowing malicious values to be used without being detected by users...
GIMP Security Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that can lead to a denial-of-service attack due to specially crafted PSP image files...
PT-2026-7326
Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show which parameters a tool is being invoked with when asking for permission. Furthermore, after the tool has been invoked, it does not show which parameters were used. Thus, unwanted or even malicious values could be used withou...
CVE-2026-25931
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace...
WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Bulk Product Editor versions <= 3.0...
PT-2026-7203
Name of the Vulnerable Software and Affected Versions: SAP CRM and SAP S/4HANA (affected versions not specified). Description: An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor can exploit a flaw in a generic function module call and execute unauthorized critical functionalities...
GIMP Security Vulnerability
GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability that stems from a heap buffer overflow issue when processing specially crafted PSD files, which may lead to the application crashing...
CVE-2026-25723
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude...
CVE-2026-25749
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname function in src/tag.c. When processing help file tags,...
CVE-2026-25749
Vim (editor) is affected by CVE-2026-25749 prior to version 9.1.2132, where the tag file resolution logic mishandles the helpfile option. In get_tagfname() (src/tag.c) the user-controlled helpfile value is copied into a fixed-size heap buffer (MAXPATHL+1, ~4097 bytes) via an unsafe STRCPY without...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:sceditor is a lightweight WYSIWYG BBCode and XHTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sceditor.create process. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious...
CVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' AJAX action. This makes it possible for...
CVE-2025-69619
A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage...
📄 WordPress Wux Blog Editor 3.0.0 Vulnerability Scanner
This Metasploit auxiliary module scans WordPress sites for the External Post Editor plugin and checks for the unauthenticated file upload vulnerability that exists in version 3.0.0...