Lucene search
K

8375 matches found

RedhatCVE
RedhatCVE
added 3 days ago9 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS6.1AI score0.00126EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3
NVD
NVD
added 4 days ago6 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS0.00169EPSS
Exploits1References2
NVD
NVD
added 4 days ago6 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
NVD
NVD
added 4 days ago12 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS0.00107EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago44 views

CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS0.00169EPSS
Exploits1References2
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
CVE
CVE
added 4 days ago11 views

CVE-2026-59856

Vim (opensource editor) vulnerability CVE-2026-59856 affects versions prior to 9.2.0736. The PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class/trait name from the edited buffer into a search() pattern executed by win_execute() without escaping. If the name contai...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 4 days ago4 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.2AI score0.00169EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 4 days ago43 views

CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6AI score0.00137EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago10 views

CVE-2026-59858

Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...

8.4CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago47 views

CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS0.00107EPSS
Exploits0References2
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6AI score0.00107EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago12 views

CVE-2026-59857

Vim (up to version 9.2.0724) is affected by an out-of-bounds write in spell_soundfold_sal() in src/spell.c. The single-byte branch translates words via a SAL sound-folding rule into a caller-owned buffer, but reslen

5.6CVSS6AI score0.00107EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder