441 matches found
CVE-2026-57455
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...
PT-2026-52472
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0653 Description The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...
PT-2026-52481
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...
PT-2026-52477
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0671 Description When opening a file encrypted using the VimCrypt04! or VimCrypt05! methods which utilize xchacha20poly1305 and require the +sodium feature, an unsigned length calculation underflows if the file body i...
RLSA-2026:28210 Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via malicious tag files CVE-2026-41411 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...
vim security update
An update is available for vim. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Vim Vi IMproved is an updated and improved version of the vi editor. Security...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
PT-2026-52473
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0662 Description The dump prefixes function in src/spell.c iteratively walks a spell-file prefix trie using a depth counter to dump prefixes applying to a word. Because the counter is not checked against the size of t...
Astra Linux – Vulnerability in Vim
Improper validation of specified quantities in the input in the GitHub repository’s Vim/Vim version prior to 9.0.0218...
Astra Linux – Vulnerability in Vim
Buffer over-reading in the GitHub repository vim/vim before version 8.2.4974...
CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
ALPINE-CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-47167
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...
UBUNTU-CVE-2026-52859
Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...
UBUNTU-CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-Completion
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...
CVE-2026-52860
Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion dictionary. Python evaluates function default values, parameter...
EUVD-2026-36283
Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...