CVE-2026-46483
- EPSS 0.24%
- Published 15.05.2026 14:57:31
- Last modified 15.05.2026 15:16:54
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip ...
CVE-2026-45130
- EPSS 0%
- Published 08.05.2026 22:42:35
- Last modified 14.05.2026 06:16:23
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field i...
CVE-2026-44656
- EPSS 0.07%
- Published 08.05.2026 22:40:49
- Last modified 14.05.2026 13:59:30
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are execut...
CVE-2026-42307
- EPSS 0.23%
- Published 08.05.2026 22:38:53
- Last modified 14.05.2026 13:55:49
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// proto...
CVE-2026-41411
- EPSS 0.15%
- Published 24.04.2026 16:51:39
- Last modified 27.04.2026 13:39:23
Vim is an open source, command line text editor. Prior to 9.2.0357, a command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve env...
CVE-2026-39881
- EPSS 0.03%
- Published 08.04.2026 20:18:19
- Last modified 22.04.2026 16:50:17
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in ...
CVE-2026-35177
- EPSS 0.02%
- Published 06.04.2026 17:54:42
- Last modified 20.04.2026 18:28:03
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. ...
CVE-2026-34982
- EPSS 0.03%
- Published 06.04.2026 15:16:48
- Last modified 22.04.2026 20:10:01
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing...
CVE-2026-34714
- EPSS 0.01%
- Published 30.03.2026 18:27:55
- Last modified 03.04.2026 12:16:18
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
CVE-2026-33412
- EPSS 0.01%
- Published 24.03.2026 19:43:07
- Last modified 25.03.2026 21:59:14
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may b...