Lucene search
K

257 matches found

OSV
OSV
added 2026/07/06 6:29 a.m.4 views

OESA-2026-2863 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.8CVSS6.3AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 6:29 a.m.5 views

OESA-2026-2862 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/07/02 4:46 p.m.16 views

USN-8500-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled path traversal in the zip.vim plugin. An attacker could possibly use this issue to overwrite arbitrary files. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. CVE-2026-35177 It was...

8.4CVSS5.9AI score0.00154EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.8 views

Vim < 9.2.0663 Code Injection (GHSA-vhh8-v6wx-hjjh)

The version of Vim installed on the remote host is prior to 9.2.0663. It is, therefore, affected by a vulnerability. - A Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the...

8.4CVSS6.3AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 5:42 a.m.9 views

CVE-2026-55895

A flaw was found in Vim, specifically within the netrw plugin. A local user could exploit a Vimscript code injection vulnerability by attempting to delete a specially crafted local file from the browser. This crafted filename, containing a bar character, could be interpolated into an Ex command,...

8.4CVSS6.5AI score0.00154EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin...

8.4CVSS6.3AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 11:48 a.m.7 views

CVE-2026-47162

A flaw was found in Vim, an open-source text editor. This vulnerability, located in the netrw plugin, involves a code injection issue when the editor processes directory paths. A malicious directory name, if crafted by an attacker, could bypass security measures and allow for the execution of...

8.8CVSS6.4AI score0.00219EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:31 p.m.50 views

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS0.00154EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:31 p.m.2 views

CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 3:31 p.m.60 views

CVE-2026-55895

Summary: CVE-2026-55895 affects Vim prior to 9.2.0663 due to a Vimscript code injection in the netrw plugin (s:NetrwLocalRmFile()) when deleting a local file from the browser. A filename derived from the buffer’s directory listing is interpolated into an Ex command line, with only backslashes esc...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 3:31 p.m.11 views

CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Oracle Linux 9 : vim (ELSA-2026-19224)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19224 advisory. - RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code...

8.2CVSS6.6AI score0.01162EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1862 advisory. Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip...

8.8CVSS7.8AI score0.00917EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...

8.8CVSS6.3AI score0.00224EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-52474

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0663 Description A Vimscript code injection issue exists in the s:NetrwLocalRmFile function within the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. The probl...

8.4CVSS6.1AI score0.00154EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8451-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8451-1 advisory. Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/06/18 4:5 p.m.9 views

USN-8451-1 vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS6AI score0.00303EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/06/18 4:5 p.m.14 views

USN-8451-1: Vim vulnerabilities

Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled directory names when serializing browsed paths to the netrw history file. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-47162 It was discovered that Vim incorrectly handled step-definition pattern...

8.8CVSS5.9AI score0.00303EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.11 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References3
Rows per page
Query Builder