
220 matches found

EUVD
added 2026/05/28 5:50 p.m. | 7 views

EUVD-2026-32968

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

CVSS 10 | AI score 6.1 | EPSS 0.00061
Exploits: 1 | References: 2

OSV
added 2026/05/21 9:46 a.m. | 5 views

CLSA-2026-1779356802 vim: Fix of 21 CVEs

CVE-2022-0572: heap overflow on vcol-overflow in :retab upstream vim 8.2.4359 - CVE-2022-0368: illegal memory access when undo makes Visual area invalid upstream vim 8.2.4217 - CVE-2022-0685: crash on multi-byte char in unixexpandpath upstream vim 8.2.4418 - CVE-2022-2125: heap overflow in...

CVSS 8.4 | AI score 7.1 | EPSS 0.01766
Exploits: 20 | References: 1

OSSF Malicious Packages
added 2026/05/21 3:48 a.m. | 8 views

Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

AI score 6.3
Exploits: 0 | References: 1

OSV
added 2026/05/21 3:48 a.m. | 5 views

MAL-2026-4365 Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

AI score 6.3
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/05/11 7:40 p.m. | 4 views

SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

CVSS 10 | AI score 6.1 | EPSS 0.00061
Exploits: 1 | References: 3 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux - vulnerability in wireshark

The LISP dissector’s large loop in Wireshark versions 4.0.0 to 4.0.4, and 3.6.0 to 3.6.12 allows for denial of service through packet injection or malicious capture files...

CVSS 6.5 | AI score 6.7 | EPSS 0.00287
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 7 views

Astra Linux - vulnerability in emacs

In elisp-mode.el of GNU Emacs prior to version 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion, allowing attackers to execute arbitrary code. This unsafe expansion also occurs if a user...

CVSS 7.8 | AI score 7.5 | EPSS 0.00053
Exploits: 0 | References: 2

OSV
added 2026/05/01 7:00 p.m. | 6 views

CLSA-2026-1777662046 vim: Fix of CVE-2022-2183

CVE-2022-2183: fix out-of-bounds read in getlispindent src/indent.c by guarding the that++; amount++; advance with if that != NUL so the lisp auto-indent pointer does not walk past the line's NUL terminator...

CVSS 7.8 | AI score 7.1 | EPSS 0.00592
Exploits: 1 | References: 1

OSV
added 2026/04/29 10:55 a.m. | 4 views

CLSA-2026-1777460138 vim: Fix of CVE-2022-2183

CVE-2022-2183: fix out-of-bounds read in getlispindent src/indent.c by guarding the that++; amount++; advance with if that != NUL so the lisp auto-indent pointer does not walk past the line's NUL terminator...

CVSS 7.8 | AI score 7.1 | EPSS 0.00592
Exploits: 1 | References: 1

OSV
added 2026/04/29 6:59 a.m. | 3 views

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

CVSS 9.8 | AI score 7.3 | EPSS 0.00592
Exploits: 8 | References: 1

OSV
added 2026/04/28 3:22 p.m. | 5 views

CLSA-2026-1777389760 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

CVSS 9.8 | AI score 7.3 | EPSS 0.00592
Exploits: 8 | References: 1

Metasploit
added 2026/02/18 6:59 p.m. | 201 views

Emacs Extension Persistence

This module adds a lisp based malicious extension to the emacs configuration file. When emacs is opened, the extension will be loaded and the payload will be executed. Tested against emacs 29.3 build 1 on Ubuntu Desktop 24.04. Module Options msf use exploit/linux/persistence/emacsextension msf...

AI score 5.8
Exploits: 0

OpenVAS
added 2026/02/05 12:00 a.m. | 3 views

Ubuntu: Security Advisory (USN-8011-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 5.4 | EPSS 0.01295
Exploits: 0 | References: 2

OSV
added 2026/02/04 9:51 a.m. | 0 views

USN-8011-1 emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

CVSS 8.8 | AI score 7.6 | EPSS 0.01295
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/13 12:00 a.m. | 1 views

MiracleLinux 9 : emacs-27.2-14.el9_6.2 (AXSA:2025-10583:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10583:05 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 7.8 | AI score 8.3 | EPSS 0.00053
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/13 12:00 a.m. | 3 views

MiracleLinux 9 : emacs-27.2-11.el9_5.2 (AXSA:2025-9922:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9922:03 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 7.8 | AI score 8.3 | EPSS 0.00053
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/13 12:00 a.m. | 3 views

MiracleLinux 8 : emacs-26.1-15.el8_10 (AXSA:2025-10587:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10587:06 advisory. emacs: arbitrary code execution via Lisp macro expansion CVE-2024-53920 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 7.8 | AI score 8.3 | EPSS 0.00053
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/09 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: emacs (UTSA-2025-991095)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991095 advisory. In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point for code completion on untrusted Emacs Lisp source code can trigger...

CVSS 7.8 | AI score 8 | EPSS 0.00053
Exploits: 0 | References: 4

OSV
added 2025/11/28 12:51 p.m. | 3 views

OESA-2025-2760 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...

CVSS 7.8 | AI score 7.5 | EPSS 0.00053
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/20 12:00 a.m. | 4 views

TencentOS Server 4: emacs (TSSA-2024:0619)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0619 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 7.8 | AI score 6.9 | EPSS 0.00054
Exploits: 0 | References: 4