
15406 matches found

AlpineLinux
added 2026/06/25 3:22 p.m. | 5 views

CVE-2026-57455

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...

CVSS 7.8 | AI score 6.1 | EPSS 0.0012
Exploits: 0 | References: 3

NVD
added 2026/06/25 3:16 p.m. | 8 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

CVSS 8.8 | EPSS 0.0033
Exploits: 0 | References: 1

CVE
added 2026/06/25 2:32 p.m. | 15 views

CVE-2026-57532

CVE-2026-57532 describes a vulnerability where malicious HTML content contained in the layout specification of a PDF ticket/badge layout is executed when the PDF editor is opened in a browser. This could allow one backend user to inject JavaScript into the browser context of another backend user....

CVSS 8.8 | AI score 5.9 | EPSS 0.0033
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/25 12:00 a.m. | 6 views

PT-2026-52472

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0653. Description: The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...

CVSS 8.4 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | References: 18

Positive Technologies
added 2026/06/25 12:00 a.m. | 11 views

PT-2026-52606

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.6.30. Description: A cross-site scripting issue exists in the default security configuration of the Admin plugin page editor. Privileged users with page editing capabilities can inject malicious scripts to execute...

CVSS 5.4 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/25 12:00 a.m. | 11 views

PT-2026-52477

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0671. Description: When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...

CVSS 7.8 | AI score 5.7 | EPSS 0.00137
Exploits: 0 | References: 17

Positive Technologies
added 2026/06/25 12:00 a.m. | 9 views

PT-2026-52481

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0699. Description: Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...

CVSS 8.4 | AI score 6.6 | EPSS 0.00144
Exploits: 0 | References: 19

NVD
added 2026/06/24 6:17 p.m. | 7 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

CVSS 7.8 | EPSS 0.00496
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/24 5:30 p.m. | 5 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

CVSS 7.8 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 3

EUVD
added 2026/06/24 5:30 p.m. | 8 views

EUVD-2026-39015

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

CVSS 7.8 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 2

Cvelist
added 2026/06/24 5:30 p.m. | 29 views

CVE-2026-48731 Warp: Linux external editor command injection

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

CVSS 7.8 | EPSS 0.00496
Exploits: 0 | References: 2

CVE
added 2026/06/24 5:30 p.m. | 11 views

CVE-2026-48731

Warp, a developer environment, contains a Linux external editor launcher vulnerability. From 0.2024.02.20.08.01.stable_01 to 0.2026.05.06.15.42.stable_01, Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expanded command through a shell. A user w...

CVSS 7.8 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 2

NVD
added 2026/06/24 7:16 a.m. | 9 views

CVE-2026-9183

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24_block_enqueue_scripts function being hooked to enqueue_block_editor_assets and, for any non-administrator user, falling back to loading...

CVSS 4.3 | EPSS 0.0021
Exploits: 0 | References: 3

NVD
added 2026/06/24 7:16 a.m. | 7 views

CVE-2026-10753

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

CVSS 2.7 | EPSS 0.00168
Exploits: 0 | References: 1

Cvelist
added 2026/06/24 6:00 a.m. | 35 views

CVE-2026-10753 Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update

The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-privileged users who have been granted dashboard sharing access such as Editors to modify a site-wide Site Kit by Google WordPress plugin before 1.176.0...

EPSS 0.00168
Exploits: 0 | References: 1

Cvelist
added 2026/06/24 5:33 a.m. | 31 views

CVE-2026-9183 24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization

The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24_block_enqueue_scripts function being hooked to enqueue_block_editor_assets and, for any non-administrator user, falling back to loading...

CVSS 4.3 | EPSS 0.0021
Exploits: 0 | References: 3

CVE
added 2026/06/24 5:33 a.m. | 8 views

CVE-2026-9183

The CVE concerns the WordPress plugin 24liveblog (versions up to and including 2.2). The root cause is lb24_block_enqueue_scripts() hooked to enqueue_block_editor_assets, which for non-administrator users loads site-wide integration secrets (lb24_token, lb24_refresh_token, lb24_uid, lb24_uname) f...

CVSS 4.3 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/24 12:00 a.m. | 9 views

PT-2026-51694

Name of the Vulnerable Software and Affected Versions: 24liveblog versions prior to 2.3. Description: The 24liveblog plugin for WordPress allows authenticated users with contributor-level access or higher to extract sensitive third-party account credentials. The issue occurs because the lb24 block...

CVSS 4.3 | AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 8

RedHat Linux
added 2026/06/23 11:12 p.m. | 5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

CVSS 6.6 | AI score 6.4 | EPSS 0.00501
Exploits: 0 | References: 7

Cvelist
added 2026/06/23 8:11 p.m. | 28 views

CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared form-view submit handler packages/nc-gui/composables/useSharedFormViewStore.ts in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A...

CVSS 8.4 | EPSS 0.00234
Exploits: 0 | References: 1