Lucene search
K

21 matches found

NVD
NVD
added last week9 views

CVE-2026-57456

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

8.4CVSS0.00144EPSS
Exploits0References3
CVE
CVE
added last week14 views

CVE-2026-57456

Vim (prior to 9.2.0699) is vulnerable in its Python omni-completion: during reconstruction of function/class definitions, docstrings are inlined between triple quotes without escaping, allowing a hostile buffer to break out of the literal and execute attacker-controlled Python during omni-complet...

8.4CVSS6.1AI score0.00144EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added last week7 views

EUVD-2026-39436

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

8.4CVSS6.1AI score0.00144EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8451-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8451-1 advisory. Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/06/18 4:5 p.m.8 views

USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS6AI score0.00303EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/18 3:45 p.m.6 views

CVE-2026-52860

A flaw was found in Vim, an open-source command-line text editor. The Python omni-completion feature executes reconstructed function and class definitions from the current buffer. A remote attacker can exploit this by crafting a hostile buffer, leading to the execution of attacker-controlled Pyth...

8CVSS5.8AI score0.00224EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Vim < 9.2.0561 Code Injection (GHSA-52mc-rq6p-rc7c)

The version of Vim installed on the remote host is prior to 9.2.0561. It is, therefore, affected by a vulnerability as referenced in the GHSA-52mc-rq6p-rc7c advisory. - The Python omni-completion script python3complete.vim for Vim with the +python3 interpreter enabled executes import and from...

7.8CVSS6.3AI score0.00201EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.10 views

Vim < 9.2.0597 Code Execution (GHSA-65p9-mwwx-7468)

The version of Vim installed on the remote host is prior to 9.2.0597. It is, therefore, affected by a vulnerability as referenced in the GHSA-65p9-mwwx-7468 advisory. - Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of...

8CVSS6.2AI score0.00224EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:1 a.m.15 views

Vim: Arbitrary Code Execution via Python Omni-Completion

...

7.8CVSS5.3AI score0.00201EPSS
Exploits0
OSV
OSV
added 2026/06/11 7:16 p.m.6 views

ALPINE-CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.8CVSS5.6AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.17 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

8CVSS0.00224EPSS
Exploits0References7
OSV
OSV
added 2026/06/11 7:16 p.m.8 views

UBUNTU-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:33 p.m.35 views

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.5CVSS0.00224EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 6:33 p.m.8 views

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.5CVSS5.6AI score0.00224EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/11 6:33 p.m.7 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

8CVSS5.7AI score0.00224EPSS
Exploits0References7
CVE
CVE
added 2026/06/11 6:33 p.m.49 views

CVE-2026-52860

Vim before version 9.2.0597 is affected by a Python omni-completion vulnerability: reconstructed function and class definitions from the current buffer are executed via exec(), allowing attacker-controlled Python expressions to run during completion. This can impact confidentiality, integrity, an...

8CVSS5.8AI score0.00224EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/11 6:32 p.m.35 views

CVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.3CVSS0.00201EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/11 6:32 p.m.8 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0597, there was a code injection vulnerability. This vulnerability stemmed from Python’s omni-completion feature, which used exec to execute function and class definitions reconstructed from the curren...

8CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

Vim 代码注入漏洞

Vim is an open-source, cross-platform text editor developed by Vim developers. Prior to Vim 9.2.0561, there was a code injection vulnerability. This vulnerability stemmed from the Python omni-completion script, which executed import and from statements in the current buffer through the Python...

7.8CVSS5.6AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder