Lucene search
K

441 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 6:37 p.m.13 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6.3AI score0.0047EPSS
Exploits0References8
OSV
OSV
added 2026/05/19 12:0 a.m.20 views

ALSA-2026:19073 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

8.2CVSS6.5AI score0.0047EPSS
Exploits0References4
NVD
NVD
added 2026/05/15 3:16 p.m.16 views

CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7CVSS0.00552EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/15 3:16 p.m.10 views

CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7CVSS5.9AI score0.00552EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/15 2:57 p.m.12 views

CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7CVSS5.9AI score0.00552EPSS
Exploits0
OSV
OSV
added 2026/05/15 2:0 p.m.8 views

OESA-2026-2297 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/11 2:14 p.m.16 views

SUSE CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

7.8CVSS6AI score0.00774EPSS
Exploits0References13
OSV
OSV
added 2026/05/09 12:30 p.m.7 views

OESA-2026-2204 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.7 views

OESA-2026-2203 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.5 views

OESA-2026-2202 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

6.6CVSS5.8AI score0.00501EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 11:16 p.m.16 views

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6CVSS0.00248EPSS
Exploits1References4
OSV
OSV
added 2026/05/08 11:16 p.m.12 views

ALPINE-CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:16 p.m.7 views

DEBIAN-CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:16 p.m.9 views

UBUNTU-CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3CVSS6AI score0.00917EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/08 11:16 p.m.15 views

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS5.9AI score0.00774EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/08 10:42 p.m.10 views

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6CVSS5.9AI score0.00248EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/08 10:42 p.m.38 views

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6CVSS0.00248EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/08 10:40 p.m.11 views

CVE-2026-44656 Vim: OS Command Injection via 'path' completion

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

4.6CVSS6AI score0.00917EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/08 10:40 p.m.12 views

CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3CVSS6AI score0.00917EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/08 10:38 p.m.7 views

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0
Rows per page
Query Builder