CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In Vim prior to version 9.2.0699, the Python omni-completion function executes reconstructed function and class definitions from the current buffer using exec(). During source reconstruction, each scope's docstring is inserted verbatim between triple quotes without escaping, allowing a malicious buffer to break out of the triple-quoted literal and execute attacker-controlled Python code during omni-completion.
In Vim before version 9.2.0698, the spell_soundfold_sofo() function in src/spell.c has a stack out-of-bounds write vulnerability. The copy loop does not check the bounds of the result buffer, allowing data to be written past the allocated stack memory when processing a word longer than MAXWLEN. This corrupts the call frame and crashes the editor.
In Vim prior to version 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!.
In Vim prior to version 9.2.0653, the tree_count_words() function in src/spellfile.c writes out-of-bounds on the stack when processing crafted .spl/.sug files. An attacker can exploit this vulnerability to crash the editor via stack buffer overflow.
3X-UI is a control panel for managing Xray-core servers. Prior to version 3.3.1, an authenticated administrator could abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database.
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. The issue arises from improper memory management, which can lead to memory corruption.
Malicious HTML content contained in the layout specification of a PDF could be executed when the PDF editor is opened in the browser. This allows one backend user to inject JavaScript into the browser context of another backend user.
A vulnerability in the Nokogiri library (versions prior to 1.19.4) for the Ruby programming language allows a Ruby wrapper to point to freed memory when replacing the value of an XML attribute. This can lead to an invalid read and a possible segfault.
Vulnerability in the Nokogiri library for Ruby causes a NULL pointer dereference when calling certain methods on allocated-but-uninitialized native wrapper classes inheriting from Nokogiri::XML::Node. The issue is fixed in version 1.19.4.
Vulnerability in the Nokogiri library (versions prior to 1.19.4) for Ruby. Calling Document#encoding= with an invalid encoding (e.g., non-string or containing a null byte) frees the current encoding string without replacing it. Subsequent calls to Document#encoding read freed memory, potentially causing a segfault or leaking freed bytes into a Ruby String. Affects only the CRuby (libxml2) implementation; JRuby is not affected.
Vulnerability in the Nokogiri library for Ruby allows out-of-bounds memory read via the Nokogiri::XML::NodeSet#[] method (and its alias #slice). The issue stems from incorrect bounds checking where the index is truncated to 32 bits before validation, allowing a very large negative index to pass the check and read outside allocated memory. On CRuby this causes process crashes, on JRuby it returns an incorrect node.
Dell Display and Peripheral Manager (DDPM Mac) versions prior to 2.3 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability, allowing a low privileged attacker with local access to potentially execute commands.
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences. Attackers can traverse outside the webroot directory, potentially exposing sensitive data.
Versions of Forminator up to 1.53.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
In JS Help Desk versions <= 3.1.1, there is a vulnerability that allows subscribers to delete arbitrary files.
PHP Object Injection vulnerability in EventPrime plugin versions up to 4.3.4.1 allows subscribers to inject malicious PHP objects. This can lead to remote code execution or other unauthorized actions on the server.
The TablePress plugin for WordPress versions 3.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
Post Snippets versions up to 4.0.19 contain a remote code execution (RCE) vulnerability, allowing attackers to execute unauthorized code on the server.
There is a Cross Site Scripting (XSS) vulnerability in Advanced Order Export For WooCommerce versions <= 4.0.9 that can be exploited by attackers to inject malicious code.
The Master Slider plugin versions up to 3.11.2 contain an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.

