Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Vim has Heap-based Buffer Underflow in Emacs tags parsing

Vim has Heap-based Buffer Overflow in Emacs tags parsing

Vim has OS Command Injection in netrw

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Vitess users with backup storage access can write to arbitrary file paths on restore

Vitess users with backup storage access can gain unauthorized access to production deployment environments

Valkey has Pre-Authentication DOS from malformed RESP request

Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

nats-server websockets are vulnerable to pre-auth memory DoS

pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.

Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

Werkzeug safe_join() allows Windows special device names

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

URLs in meta content attribute actions are not escaped in html/template

Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

FileInfo can escape from a Root in os

Panic in name constraint checking for malformed certificates in crypto/x509