Lucene search
+L

8456 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 12:7 p.m.7 views

CVE-2026-57456

There is a security flaw in Vim. If you use Vim to open a malicious file written by a hacker, and you use the auto-complete feature while typing, the file can secretly force your computer to run unauthorized commands or malware. Mitigation To mitigate this vulnerability, users should avoid openin...

8.4CVSS6AI score0.00144EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/03 9:43 a.m.10 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: vim: vim-X11-9.2.780-1.hum1 aarch64, x8664 vim-common-9.2.780-1.hum1 aarch64, x8664 vim-data-9.2.780-1.hum1 noarch vim-default-editor-9.2.780-1.hum1 noarch vim-enhanced-9.2.780-1.hum1 aarch64,...

8.4CVSS5.9AI score0.00169EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/07/02 4:46 p.m.16 views

USN-8500-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled path traversal in the zip.vim plugin. An attacker could possibly use this issue to overwrite arbitrary files. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2026-35177 It was...

8.4CVSS5.9AI score0.00154EPSS
Exploits0
OSV
OSV
added 2026/07/02 10:17 a.m.3 views

RHSA-2026:34477 Red Hat Security Advisory: vim security update

Bulletin has no description...

8.2CVSS6.5AI score0.00552EPSS
Exploits0References30
OSV
OSV
added 2026/07/02 10:17 a.m.5 views

RHSA-2026:34476 Red Hat Security Advisory: vim security update

Bulletin has no description...

8.2CVSS6.5AI score0.00552EPSS
Exploits0References30
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Vim < 9.2.0662 Stack Out-of-Bounds Write (GHSA-qm9w-fmpj-879h)

The version of Vim installed on the remote host is prior to 9.2.0662. It is, therefore, affected by a vulnerability. - The dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

Vim 9.2.0320 < 9.2.0679 Out-of-Bounds Read (GHSA-ww8h-47xp-hp4w)

The version of Vim installed on the remote host is between 9.2.0320 and 9.2.0679 exclusive. It is, therefore, affected by a vulnerability. - A crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays...

6.8CVSS5.9AI score0.00119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.19 views

Vim < 9.2.0653 Stack Out-of-Bounds Write (GHSA-wgh4-64f7-q3jq)

The version of Vim installed on the remote host is prior to 9.2.0653. It is, therefore, affected by a vulnerability. - The treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded onl...

8.4CVSS6.1AI score0.00126EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Vim 9.1.1784 < 9.2.0678 Command Injection (GHSA-x5fg-h5w9-9frf)

The version of Vim installed on the remote host is between 9.1.1784 and 9.2.0678 exclusive. It is, therefore, affected by a vulnerability. - When the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse, read, extract, update or delete entries in a zip archive, it builds the...

7.3CVSS6.3AI score0.00137EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Vim < 9.2.0663 Code Injection (GHSA-vhh8-v6wx-hjjh)

The version of Vim installed on the remote host is prior to 9.2.0663. It is, therefore, affected by a vulnerability. - A Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the...

8.4CVSS6.3AI score0.00154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Vim < 9.2.0671 Out-of-Bounds Read (GHSA-c4j9-wr9j-4486)

The version of Vim installed on the remote host is prior to 9.2.0671. It is, therefore, affected by a vulnerability. - When Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium...

5.5CVSS6AI score0.0012EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.6 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6AI score0.00552EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.7 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.9 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

8.2CVSS7.2AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.7 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.7 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS7AI score0.0047EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.7 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6AI score0.00552EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.7 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.5 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS7.5AI score0.0047EPSS
Exploits0References8
Rows per page
Query Builder