Lucene search
K

249 matches found

Cvelist
Cvelist
added 2026/05/08 10:38 p.m.38 views

CVE-2026-42307 Vim: OS Command Injection in netrw

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS0.00774EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/08 10:38 p.m.12 views

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

Vim 操作系统命令注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0383 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the netrw standard plugin, which allowed for OS command injection. This could...

4.4CVSS6.1AI score0.00774EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Oracle Linux 9 : vim (ELSA-2026-11510)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11510 advisory. - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin - RHEL-155422 CVE-2026-28421 vim: Vim: Denial of...

8.2CVSS6.4AI score0.01162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Oracle Linux 10 : vim (ELSA-2026-11389)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11389 advisory. - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of servic...

8.2CVSS6.4AI score0.01162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.17 views

Oracle Linux 8 : vim (ELSA-2026-11509)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11509 advisory. - RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code...

8.2CVSS6.4AI score0.01162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.10 views

PT-2026-39213

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0383 Description An OS command injection issue exists in the netrw standard plugin. An attacker can execute arbitrary shell commands with the privileges of the Vim process by inducing a user to open a crafted URL,...

6.6CVSS6AI score0.00917EPSS
Exploits1References51
Oracle linux
Oracle linux
added 2026/04/29 12:0 a.m.11 views

vim security update

8.0.1763-22.0.1.el810.3 - Remove upstream references Orabug: 31197557 - Added glibc-gconv-extra to common requires to provide ISO-8859-2 Orabug: 34114984 2:8.0.1763-22.3 - Relates: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2:8.0.1763-22.2 - Resolves: RHEL-164956 vim...

8.2CVSS6.6AI score0.01162EPSS
Exploits0
Oracle linux
Oracle linux
added 2026/04/29 12:0 a.m.13 views

vim security update

8.2.2637-23.0.1.el97.3 - Remove upstream references Orabug: 31197557 2:8.2.2637-23.3 - Resolves: RHEL-164965 vim: arbitrary command execution via modeline sandbox bypass 2:8.2.2637-23.2 - RHEL-155437 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin -...

8.2CVSS6.6AI score0.01162EPSS
Exploits1
Oracle linux
Oracle linux
added 2026/04/28 12:0 a.m.10 views

vim security update

9.1.083-6.0.1.el101.4 - Remove upstream references Orabug: 31197557 2:9.1.083-6.4 - Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass 2:9.1.083-6.3 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function 2:9.1.083-6.2...

8.2CVSS6.6AI score0.01162EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

MiracleLinux 9 : vim-8.2.2637-23.el9_7.2.ML.1 (AXSA:2026-447:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-447:08 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure...

7.8CVSS6.3AI score0.01162EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 12:1 p.m.8 views

RLSA-2026:8259 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

7.3CVSS6.4AI score0.01162EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/04/16 12:1 p.m.4 views

vim security update

An update is available for vim. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

7.8CVSS6.5AI score0.01162EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.19 views

AlmaLinux 9 : vim (ALSA-2026:8259)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8259 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via...

7.8CVSS6.5AI score0.01162EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.19 views

RHEL 9 : vim (RHSA-2026:8259)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8259 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command...

7.8CVSS6.3AI score0.01162EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007184)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007184 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vi...

7.8CVSS6.3AI score0.01162EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.11 views

RockyLinux 9 : vim (RLSA-2026:8259)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8259 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via...

7.8CVSS6.5AI score0.01162EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/04/15 12:7 p.m.2 views

vim security update

An update is available for vim. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

7.8CVSS6.5AI score0.01162EPSS
Exploits0
OSV
OSV
added 2026/04/15 12:7 p.m.5 views

RLSA-2026:7711 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-28421 vim: Vim: Arbitrary code...

7.3CVSS6.4AI score0.01162EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/15 7:35 a.m.3 views

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

7.8CVSS6.3AI score0.01162EPSS
Exploits0References7
Rows per page
Query Builder