CVE-2026-11487
- EPSS 0.92%
- Veröffentlicht 08.06.2026 04:15:11
- Zuletzt bearbeitet 08.06.2026 14:57:14
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possib...
CVE-2026-45130
- EPSS 0.25%
- Veröffentlicht 08.05.2026 22:42:35
- Zuletzt bearbeitet 09.06.2026 18:28:04
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field i...
CVE-2026-25749
- EPSS 0.21%
- Veröffentlicht 06.02.2026 22:43:38
- Zuletzt bearbeitet 09.06.2026 18:28:09
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() funct...
CVE-2025-22134
- EPSS 0.37%
- Veröffentlicht 13.01.2025 21:15:14
- Zuletzt bearbeitet 09.06.2026 18:28:13
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In P...
CVE-2024-43374
- EPSS 0.35%
- Veröffentlicht 16.08.2024 02:15:17
- Zuletzt bearbeitet 09.06.2026 18:28:22
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (i...
CVE-2021-4019
- EPSS 1.79%
- Veröffentlicht 01.12.2021 10:15:07
- Zuletzt bearbeitet 29.05.2026 20:09:37
vim is vulnerable to Heap-based Buffer Overflow
CVE-2019-12735
- EPSS 19.11%
- Veröffentlicht 05.06.2019 14:29:11
- Zuletzt bearbeitet 11.11.2025 17:15:34
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.