CVE-2026-35177
- EPSS 0.13%
- Veröffentlicht 06.04.2026 17:54:42
- Zuletzt bearbeitet 20.04.2026 18:28:03
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. ...
CVE-2026-34982
- EPSS 0.47%
- Veröffentlicht 06.04.2026 15:16:48
- Zuletzt bearbeitet 07.07.2026 12:16:39
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing...
CVE-2026-34714
- EPSS 0.59%
- Veröffentlicht 30.03.2026 18:27:55
- Zuletzt bearbeitet 30.06.2026 03:18:57
Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
CVE-2026-33412
- EPSS 0.83%
- Veröffentlicht 24.03.2026 19:43:07
- Zuletzt bearbeitet 30.06.2026 03:18:39
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may b...
CVE-2026-32249
- EPSS 0.13%
- Veröffentlicht 12.03.2026 19:17:23
- Zuletzt bearbeitet 18.03.2026 11:50:06
Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits th...
CVE-2026-28419
- EPSS 0.17%
- Veröffentlicht 27.02.2026 22:16:25
- Zuletzt bearbeitet 04.03.2026 21:22:05
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim...
CVE-2026-28420
- EPSS 0.18%
- Veröffentlicht 27.02.2026 22:16:25
- Zuletzt bearbeitet 04.03.2026 20:47:23
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. ...
CVE-2026-28421
- EPSS 0.18%
- Veröffentlicht 27.02.2026 22:16:25
- Zuletzt bearbeitet 04.03.2026 20:47:36
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks wi...
CVE-2026-28422
- EPSS 0.14%
- Veröffentlicht 27.02.2026 22:16:25
- Zuletzt bearbeitet 04.03.2026 20:44:22
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issu...
CVE-2026-28418
- EPSS 0.22%
- Veröffentlicht 27.02.2026 21:58:37
- Zuletzt bearbeitet 03.03.2026 17:49:55
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up...