452 matches found
CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...
CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-42305 Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
Linux Distros Unpatched Vulnerability : CVE-2026-42305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write...
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...
freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow
A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...
PT-2026-32008
Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 Description Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exe...
Malicious code in merchservicingnodeserv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a4eacdccf8a177ac402bd5896b3033df07685cd3e951476d1e28e341e8e74b4 The package merchservicingnodeserv was found to contain malicious code. Source: ossf-package-analysis...
freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server.
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This vulnerability occurs because the freerdpbitmapdecompressplanar function does not properly validate bitmap dimensions when decompressing planar bitmap data. A malicious server can exploit this by sending...
Malicious code in kiki-tomat22-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 468eeb4b852162e6f4e6df9268a48ba6f99dfb47d7ebe03ec073c62790d3adf5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-125162 Malicious code in bella-kue37-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71841c8fc2dd5d5fdb27d246a6cca1ef4dc72aa85f200b34ade10b8b36083caf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-120785 Malicious code in indah-tongseng41-breki (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3acf8b6942b60e9b271ad352326e21f5066a510429c14ffbd3149213cf5d79d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-74564
Malicious code in hostileskinkviolet-16 npm...
EUVD-2025-76646
Malicious code in hostilebison-strongdev npm...
EUVD-2025-76645
Malicious code in hostilekingfisher-gooddev npm...
MAL-2025-103800 Malicious code in hostile_kingfisher-gooddev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f2b93839682402940f98efdc67bb0ab3bc800c104d2cded47297d3d626daf1e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hostile_butterfly_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ce966c01365976e483d2280cdda5ed7319abbc0d1eebc5cf9d3ff8368ec7cc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in hostile_iguana_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83a4c5fa28ca494fda5334131005d612b945d6c75f5d8d52ffd6c5ef8e3f3b33 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-79086
Malicious code in hostilebutterflyz3n npm...