Lucene search
K

135 matches found

OSV
OSV
added 2026/07/06 6:29 a.m.5 views

OESA-2026-2862 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Vim < 9.2.0663 Code Injection (GHSA-vhh8-v6wx-hjjh)

The version of Vim installed on the remote host is prior to 9.2.0663. It is, therefore, affected by a vulnerability. - A Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the...

8.4CVSS6.3AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 11:48 a.m.6 views

CVE-2026-47162

A flaw was found in Vim, an open-source text editor. This vulnerability, located in the netrw plugin, involves a code injection issue when the editor processes directory paths. A malicious directory name, if crafted by an attacker, could bypass security measures and allow for the execution of...

8.8CVSS6.4AI score0.00219EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:31 p.m.45 views

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/25 3:31 p.m.11 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-52474

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0663 Description A Vimscript code injection issue exists in the s:NetrwLocalRmFile function within the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. The probl...

8.4CVSS6.1AI score0.00154EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...

8.8CVSS6.3AI score0.00224EPSS
Exploits0References10
NVD
NVD
added 2026/06/11 7:16 p.m.40 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS0.00219EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 7:16 p.m.12 views

UBUNTU-CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:32 p.m.40 views

CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

7.3CVSS0.00219EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

Vim 注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0495 contained a vulnerability due to the netrw plugin. This vulnerability stemmed from the s:NetrwBookHistSave function in the netrw plugin, which inserted directory names derived from the...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48705

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0495 Description A Vimscript code injection exists in the s:NetrwBookHistSave function within the netrw plugin. The issue occurs when serializing browsed directory paths to the history file /.vim/.netrwhist. A directo...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References17
OSV
OSV
added 2026/06/09 5:28 p.m.11 views

USN-8415-1 vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00552EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/09 5:28 p.m.18 views

USN-8415-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-43961 It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use thi...

7CVSS5.8AI score0.00552EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: vim (TSSA-2026:0317)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0317 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

5.3CVSS6.1AI score0.00917EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.13 views

SUSE SLES16 Security Update : vim (SUSE-SU-2026:21859-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21859-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary fil...

7.8CVSS6.2AI score0.00917EPSS
Exploits1References20
OSV
OSV
added 2026/05/28 12:13 p.m.6 views

SUSE-SU-2026:21859-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.5AI score0.00917EPSS
Exploits1References14
OSV
OSV
added 2026/05/28 12:13 p.m.7 views

SUSE-SU-2026:21840-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.5AI score0.00917EPSS
Exploits1References14
OSV
OSV
added 2026/05/27 8:13 p.m.7 views

CLSA-2026-1779912818 Fix CVE(s): CVE-2026-42307

SECURITY UPDATE: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - debian/patches/CVE-2026-42307.patch: OS command injection in the netrw plugin via crafted sftp:// or file:// URLs - CVE-2026-42307...

4.4CVSS5.8AI score0.00774EPSS
Exploits0References1
Rows per page
Query Builder