1. Neovim Lua `package.path` Security Flaw: `./?.lua` Path Enables Arbitrary Code Execution
A critical security vulnerability in Neovim's default Lua configuration allows for arbitrary code execution when the editor is launched from an untrusted directory. The flaw stems from the default `package.path` search order, which prioritizes `./?.lua`—meaning `require()` will load modules from the current working dir...