CVE-2026-52859
- EPSS 0.3%
- Veröffentlicht 11.06.2026 18:33:09
- Zuletzt bearbeitet 15.06.2026 13:12:47
Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cel...
CVE-2026-52858
- EPSS 0.2%
- Veröffentlicht 11.06.2026 18:32:32
- Zuletzt bearbeitet 15.06.2026 13:32:35
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled (and the legacy pythoncomplete.vim for builds with the +python interpre...
CVE-2026-47162
- EPSS 0.22%
- Veröffentlicht 11.06.2026 18:32:14
- Zuletzt bearbeitet 30.06.2026 03:20:23
Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when serializing browsed directo...
CVE-2026-47167
- EPSS 0.14%
- Veröffentlicht 11.06.2026 18:31:44
- Zuletzt bearbeitet 15.06.2026 13:32:14
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Step-definition patte...
- EPSS 0.55%
- Veröffentlicht 15.05.2026 14:57:31
- Zuletzt bearbeitet 19.05.2026 12:27:28
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip ...
CVE-2026-45130
- EPSS 0.25%
- Veröffentlicht 08.05.2026 22:42:35
- Zuletzt bearbeitet 09.06.2026 18:28:04
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field i...
CVE-2026-44656
- EPSS 0.92%
- Veröffentlicht 08.05.2026 22:40:49
- Zuletzt bearbeitet 14.05.2026 13:59:30
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are execut...
CVE-2026-42307
- EPSS 0.77%
- Veröffentlicht 08.05.2026 22:38:53
- Zuletzt bearbeitet 14.05.2026 13:55:49
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// proto...
CVE-2026-41411
- EPSS 0.5%
- Veröffentlicht 24.04.2026 16:51:39
- Zuletzt bearbeitet 27.04.2026 13:39:23
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve env...
CVE-2026-39881
- EPSS 0.62%
- Veröffentlicht 08.04.2026 20:18:19
- Zuletzt bearbeitet 22.04.2026 16:50:17
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in ...