Updated vim packages fix security vulnerabilities

Heap Buffer Overflow in spell file loading affects Vim 9.2.0450. CVE-2026-45130 Vimscript Code Injection in netrw NetrwMarkFile via crafted filename affects Vim 9.2.0480. CVE-2026-43961 Command Injection in tar.vim affects Vim 9.2.0479. CVE-2026-46483 Vimscript Code Injection in netrw...

CLSA-2026-1779912818 Fix CVE(s): CVE-2026-42307

SECURITY UPDATE: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - debian/patches/CVE-2026-42307.patch: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - CVE-2026-42307...

CLSA-2026-1777548877 spamassassin: Fix of CVE-2018-11805

CVE-2018-11805: require --reallyallowplugins for sa-update --allowplugins to mitigate plugin injection from updates...

spamassassin: Fix of CVE-2018-11805

CVE-2018-11805: require --reallyallowplugins for sa-update --allowplugins to mitigate plugin injection from updates...

CLSA-2026-1777548876 spamassassin: Fix of CVE-2018-11805

CVE-2018-11805: require --reallyallowplugins for sa-update --allowplugins to mitigate plugin injection from updates...

Oracle Linux 8 : vim (ELSA-2026-11509)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11509 advisory. - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code...

EUVD-2021-1385

Malware in sbrugna...

CVE-2024-28236

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header

Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. PoC 1. Add a new shortened link in the interface...

WordPress wpgform plugin injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpgform is used in one of the Google form to add plug-ins . WordPress wpgform plugin has an injection vulnerability, no...

Discuz7. 2 of my vest plug-injection vulnerability-a vulnerability warning-the black bar safety net

Discuz! A common set of community forums software system, the user can not require any programming on the basis of, through the simple setup and installation, on the Internet build up with perfect function, strong load capacity, and highly customizable Forum service Vulnerability plug-in:...