CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

264 matches found

CVE-2026-57456

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

8.4CVSS0.00144EPSS

Exploits0References3

Cvelist•added 4 days ago•31 views

CVE-2026-57456 Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings

8.4CVSS0.00144EPSS

Exploits0References3

AlpineLinux•added 4 days ago•10 views

CVE-2026-57456

8.4CVSS6.1AI score0.00144EPSS

Exploits0References3

CVE•added 4 days ago•11 views

CVE-2026-57456

Vim (prior to 9.2.0699) is vulnerable in its Python omni-completion: during reconstruction of function/class definitions, docstrings are inlined between triple quotes without escaping, allowing a hostile buffer to break out of the literal and execute attacker-controlled Python during omni-complet...

8.4CVSS6.1AI score0.00144EPSS

Exploits0References3Affected Software1

EUVD•added 4 days ago•6 views

EUVD-2026-39436

8.4CVSS6.1AI score0.00144EPSS

Exploits0References3

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: “IB/isert: Fix incorrect release of isert connection” The commit with the ID 699826f4e30a “IB/isert: Fix incorrect release of isert connection” is causing problems when DEVICEREMOVAL occurs in OPA. ------------ Cut here...

5.2AI score0.00195EPSS

Exploits0References2

OSV•added 2026/06/18 4:5 p.m.•8 views

USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS6AI score0.00303EPSS

Exploits0References6

RedhatCVE•added 2026/06/18 3:45 p.m.•6 views

CVE-2026-52860

A flaw was found in Vim, an open-source command-line text editor. The Python omni-completion feature executes reconstructed function and class definitions from the current buffer. A remote attacker can exploit this by crafting a hostile buffer, leading to the execution of attacker-controlled Pyth...

8CVSS5.8AI score0.00225EPSS

Exploits0References7

Tenable Nessus•added 2026/06/18 12:0 a.m.•6 views

Vim < 9.2.0561 Code Injection (GHSA-52mc-rq6p-rc7c)

The version of Vim installed on the remote host is prior to 9.2.0561. It is, therefore, affected by a vulnerability as referenced in the GHSA-52mc-rq6p-rc7c advisory. - The Python omni-completion script python3complete.vim for Vim with the +python3 interpreter enabled executes import and from...

7.8CVSS6.3AI score0.00201EPSS

Exploits0References2

Tenable Nessus•added 2026/06/18 12:0 a.m.•10 views

Vim < 9.2.0597 Code Execution (GHSA-65p9-mwwx-7468)

The version of Vim installed on the remote host is prior to 9.2.0597. It is, therefore, affected by a vulnerability as referenced in the GHSA-65p9-mwwx-7468 advisory. - Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of...

7.8CVSS6.2AI score0.00225EPSS

Exploits0References2

Microsoft CVE•added 2026/06/13 8:1 a.m.•14 views

Vim: Arbitrary Code Execution via Python Omni-Completion

...

7.8CVSS5.3AI score0.00201EPSS

Exploits0

NVD•added 2026/06/11 7:16 p.m.•16 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.8CVSS0.00225EPSS

Exploits0References4

OSV•added 2026/06/11 7:16 p.m.•6 views

ALPINE-CVE-2026-52860

7.8CVSS5.6AI score0.00225EPSS

Exploits0References1

OSV•added 2026/06/11 7:16 p.m.•5 views

ALPINE-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS

Exploits0References1

OSV•added 2026/06/11 7:16 p.m.•6 views

UBUNTU-CVE-2026-52860

7.8CVSS5.6AI score0.00225EPSS

Exploits0References7

OSV•added 2026/06/11 7:16 p.m.•7 views

UBUNTU-CVE-2026-52858

7.8CVSS5.5AI score0.00201EPSS

Exploits0References6

AlpineLinux•added 2026/06/11 6:33 p.m.•7 views

CVE-2026-52860

7.8CVSS5.7AI score0.00225EPSS

Exploits0References4

CVE•added 2026/06/11 6:33 p.m.•38 views

CVE-2026-52860

Vim before version 9.2.0597 is affected by a Python omni-completion vulnerability: reconstructed function and class definitions from the current buffer are executed via exec(), allowing attacker-controlled Python expressions to run during completion. This can impact confidentiality, integrity, an...

7.8CVSS5.8AI score0.00225EPSS

Exploits0References4Affected Software1

EUVD•added 2026/06/11 6:33 p.m.•8 views

EUVD-2026-36285

7.5CVSS5.8AI score0.00225EPSS

Exploits0References4