CVE-2026-28417
- EPSS 1.16%
- Veröffentlicht 27.02.2026 21:54:35
- Zuletzt bearbeitet 03.03.2026 17:50:29
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol hand...
CVE-2026-26269
- EPSS 0.28%
- Veröffentlicht 13.02.2026 19:18:41
- Zuletzt bearbeitet 18.02.2026 21:29:03
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The...
CVE-2026-25749
- EPSS 0.21%
- Veröffentlicht 06.02.2026 22:43:38
- Zuletzt bearbeitet 09.06.2026 18:28:09
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() funct...
CVE-2025-66476
- EPSS 0.44%
- Veröffentlicht 02.12.2025 21:49:24
- Zuletzt bearbeitet 30.01.2026 18:50:29
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windo...
CVE-2025-9390
- EPSS 0.25%
- Veröffentlicht 24.08.2025 14:15:32
- Zuletzt bearbeitet 29.04.2026 01:00:01
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The expl...
CVE-2025-9389
- EPSS 0.2%
- Veröffentlicht 24.08.2025 13:15:29
- Zuletzt bearbeitet 29.04.2026 01:00:01
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publ...
CVE-2025-55157
- EPSS 0.32%
- Veröffentlicht 11.08.2025 22:54:27
- Zuletzt bearbeitet 12.08.2025 18:50:20
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specific...
CVE-2025-55158
- EPSS 0.33%
- Veröffentlicht 11.08.2025 22:54:12
- Zuletzt bearbeitet 12.08.2025 18:49:05
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typ...
CVE-2025-53906
- EPSS 0.73%
- Veröffentlicht 15.07.2025 20:52:40
- Zuletzt bearbeitet 01.04.2026 19:16:24
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requir...
CVE-2025-53905
- EPSS 0.24%
- Veröffentlicht 15.07.2025 20:48:34
- Zuletzt bearbeitet 04.11.2025 22:16:27
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requir...