CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

243 matches found

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS

Exploits0References3

Cvelist•added 2 days ago•31 views

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

8.4CVSS0.00154EPSS

Exploits0References3

CVE•added 2 days ago•8 views

CVE-2026-55895

Summary: CVE-2026-55895 affects Vim prior to 9.2.0663 due to a Vimscript code injection in the netrw plugin (s:NetrwLocalRmFile()) when deleting a local file from the browser. A filename derived from the buffer’s directory listing is interpolated into an Ex command line, with only backslashes esc...

8.4CVSS6.2AI score0.00154EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2 days ago•4 views

CVE-2026-55895

8.4CVSS6.2AI score0.00154EPSS

Exploits0References3

Tenable Nessus•added 5 days ago•4 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1862 advisory. Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip...

8.8CVSS7.8AI score0.00917EPSS

Exploits1References26

Tenable Nessus•added 5 days ago•3 views

Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...

8.8CVSS6.3AI score0.00269EPSS

Exploits0References10

OSV•added 2026/06/18 4:5 p.m.•8 views

USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS6AI score0.00303EPSS

Exploits0References6

SUSE CVE•added 2026/06/16 2:20 a.m.•7 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00269EPSS

Exploits0References3

Tenable Nessus•added 2026/06/14 12:0 a.m.•6 views

SUSE SLES15 Security Update : vim (SUSE-SU-2026:2313-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2313-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file...

7.8CVSS6.3AI score0.00917EPSS

Exploits1References20

Microsoft CVE•added 2026/06/13 8:1 a.m.•14 views

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

...

8.8CVSS5.3AI score0.00269EPSS

Exploits0

Tenable Nessus•added 2026/06/12 12:0 a.m.•13 views

EulerOS Virtualization 2.13.1 : vim (EulerOS-SA-2026-2392)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...

8.2CVSS7.8AI score0.01162EPSS

Exploits0References11

Tenable Nessus•added 2026/06/12 12:0 a.m.•8 views

EulerOS Virtualization 2.13.0 : vim (EulerOS-SA-2026-2421)

8.2CVSS6.3AI score0.01162EPSS

Exploits0References11

NVD•added 2026/06/11 7:16 p.m.•31 views

CVE-2026-47162

8.8CVSS0.00269EPSS

Exploits0References3

OSV•added 2026/06/11 7:16 p.m.•7 views

UBUNTU-CVE-2026-47162

8.8CVSS5.8AI score0.00269EPSS

Exploits0References6

EUVD•added 2026/06/11 6:32 p.m.•8 views

EUVD-2026-36281

7.3CVSS5.9AI score0.00269EPSS

Exploits0References3

Vulnrichment•added 2026/06/11 6:32 p.m.•7 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

7.3CVSS5.8AI score0.00269EPSS

Exploits0References3

Cvelist•added 2026/06/11 6:32 p.m.•32 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

7.3CVSS0.00269EPSS

Exploits0References3

CVE•added 2026/06/11 6:32 p.m.•34 views

CVE-2026-47162

Vim (with the netrw plugin) is affected by CVE-2026-47162 due to a Vimscript code injection in s:NetrwBookHistSave() when serializing directory paths to the history file ~/.vim/.netrwhist. A directory name from the filesystem can be interpolated into a single-quoted Vimscript string literal witho...

8.8CVSS5.9AI score0.00269EPSS

Exploits0References3Affected Software1

AlpineLinux•added 2026/06/11 6:32 p.m.•6 views

CVE-2026-47162

8.8CVSS5.8AI score0.00269EPSS

Exploits0References3

CNNVD•added 2026/06/11 12:0 a.m.•17 views

Vim 注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0495 contained a vulnerability due to the netrw plugin. This vulnerability stemmed from the s:NetrwBookHistSave function in the netrw plugin, which inserted directory names derived from the...

8.8CVSS5.7AI score0.00269EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by