Lucene search
K

441 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 3:22 p.m.7 views

CVE-2026-57455

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...

7.1CVSS6.1AI score0.0012EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52472

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0653 Description The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...

8.4CVSS5.7AI score0.00126EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52481

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52477

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0671 Description When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...

7.8CVSS5.7AI score0.00137EPSS
Exploits0References17
OSV
OSV
added 2026/06/24 12:5 p.m.3 views

RLSA-2026:28210 Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via malicious tag files CVE-2026-41411 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

7.3CVSS6.5AI score0.00501EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/24 12:5 p.m.7 views

vim security update

An update is available for vim. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...

6.6CVSS6.5AI score0.00501EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/23 11:12 p.m.6 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/23 6:43 a.m.5 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.2CVSS7AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.11 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6.1AI score0.00552EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.9 views

PT-2026-52473

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0662 Description The dump prefixes function in src/spell.c iteratively walks a spell-file prefix trie using a depth counter to dump prefixes applying to a word. Because the counter is not checked against the size of t...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Vim

Improper validation of specified quantities in the input in the GitHub repository’s Vim/Vim version prior to 9.0.0218...

7.8CVSS6.7AI score0.00501EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Vim

Buffer over-reading in the GitHub repository vim/vim before version 8.2.4974...

7.8CVSS6.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS0.00201EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.5 views

ALPINE-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3CVSS0.00135EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.6 views

UBUNTU-CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

8.2CVSS5.5AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 7:16 p.m.10 views

UBUNTU-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/11 6:33 p.m.37 views

CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

7.5CVSS0.00224EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/11 6:33 p.m.7 views

CVE-2026-52860

Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...

8CVSS5.7AI score0.00224EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/11 6:33 p.m.10 views

EUVD-2026-36283

Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...

6.9CVSS5.7AI score0.00303EPSS
Exploits0References3
Rows per page
Query Builder