4.4

CVSS3.1

CVE-2026-28420 - Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

📅 Published: Feb. 27, 2026, 10:04 p.m. 🔄 Last Modified: Feb. 27, 2026, 10:04 p.m.

5.3

CVSS3.1

CVE-2026-28419 - Vim has Heap-based Buffer Underflow in Emacs tags parsing

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding th…

📅 Published: Feb. 27, 2026, 10:02 p.m. 🔄 Last Modified: Feb. 27, 2026, 10:02 p.m.

4.4

CVSS3.1

CVE-2026-28418 - Vim has Heap-based Buffer Overflow in Emacs tags parsing

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary.…

📅 Published: Feb. 27, 2026, 9:58 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:58 p.m.

4.4

CVSS3.1

CVE-2026-28417 - Vim has OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell com…

📅 Published: Feb. 27, 2026, 9:54 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:54 p.m.

9.8

CVSS3.1

CVE-2026-28411 - WeGIA Vulnerable to Authentication Bypass via `extract($_REQUEST)`

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$_REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This vulnerability can be leveraged to completely bypass auth…

📅 Published: Feb. 27, 2026, 9:52 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:52 p.m.

10

CVSS3.1

CVE-2026-28409 - WeGIA Vulnerable to Remote Code Execution (RCE) via OS Command Injection

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentica…

📅 Published: Feb. 27, 2026, 9:50 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:50 p.m.

9.8

CVSS3.1

CVE-2026-28408 - WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Po…

📅 Published: Feb. 27, 2026, 9:49 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:49 p.m.

8.2

CVSS3.1

CVE-2026-28416 - Gradio has SSRF via Malicious `proxy_url` Injection in `gr.load()` Config Processing

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery (SSRF) vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses …

📅 Published: Feb. 27, 2026, 9:47 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:47 p.m.

4.3

CVSS3.1

CVE-2026-28415 - Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback…

📅 Published: Feb. 27, 2026, 9:44 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:44 p.m.

7.5

CVSS3.1

CVE-2026-28414 - Gradio has Absolute Path Traversal on Windows with Python 3.13+

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ changed …

📅 Published: Feb. 27, 2026, 9:43 p.m. 🔄 Last Modified: Feb. 27, 2026, 9:43 p.m.