7 matches found
CVE-2026-11487 Neovim View Branch secure.lua M.read command injection
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...
NewStart CGSL MAIN 6.06 (SP) : vim Vulnerability (NS-SA-2026-0010)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has vim packages installed that are affected by a vulnerability: - getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated...
SUSE CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assertfails or nviminput in Neovim...
Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command executio...
Vim and Neovim Arbitrary Code Execution Vulnerability
Vim is an editor for the UNIX platform.Neovim is a refactored version of Vim. An arbitrary code execution vulnerability exists in the Vim and Neovim getchar.c file, which allows remote attackers to exploit the vulnerability by submitting a special file request that induces the user to parse it,...
Vim&Neovim Arbitrary Code Execution Vulnerability
Vim is a text editor developed from vi. Neovim is a refactoring project based on the vim source code. An arbitrary code execution vulnerability exists in Vim and Neovim, which can be exploited to execute arbitrary commands on a target machine by tricking a user into opening a crafted file using v...
UBUNTU-CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assertfails or nviminput in Neovim...