vim

252 tracked vulnerabilities.

CVE-2026-59858 HIGH
Vim: Arbitrary Code Execution via C Omni-Completion
Jul 09, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-59857 MEDIUM
Vim < 9.2.0725 - SAL Soundfolding Out-of-Bounds Write
Jul 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-59856 HIGH
Vim: Arbitrary Code Execution via PHP Omni-Completion
Jul 09, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-57456 HIGH
Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-57455 HIGH
Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-57454 MEDIUM
Vim: Out-of-bounds Read with Text Properties
Jun 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-57453 MEDIUM
Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction
Jun 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-57452 MEDIUM
Vim: Out-of-bounds Read with libsodium-encrypted Files
Jun 25, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-57451 MEDIUM
Vim: Out-of-bounds Read in Text Property Count
Jun 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-55895 HIGH
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-55892 MEDIUM
Vim: Out-of-bounds Write in Spell File Prefix Dump
Jun 25, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-55693 HIGH
Vim: Out-of-bounds Write in Spell File Word Count
Jun 25, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-52860 HIGH
Vim: Arbitrary Code Execution via Python Omni-Completion
Jun 11, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-52859 HIGH
Vim: Out-of-bounds Read in Terminal Screen Snapshot
Jun 11, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-52858 HIGH
Vim: Arbitrary Code Execution via Python Omni-Completion
Jun 11, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-47167 MEDIUM
Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex
Jun 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-47162 HIGH
Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name
Jun 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-46483 LOW
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
May 15, 2026
CVSS 3.6
EPSS 0.01
CVE-2026-45130 MEDIUM
Vim: Heap Buffer Overflow in spell file loading
May 08, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-44656 MEDIUM
Vim path Completion - OS Command Injection
May 08, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-42307 MEDIUM
Vim netrw - OS Command Injection
May 08, 2026
CVSS 4.4
EPSS 0.01
CVE-2026-41411 MEDIUM
Vim < 9.2.0357 - OS Command Injection via Tag File Processing
Apr 24, 2026
CVSS 6.6
EPSS 0.01
CVE-2026-39881 MEDIUM
Vim Ex command injection in Vims NetBeans integration
Apr 08, 2026
CVSS 5.0
EPSS 0.01
CVE-2026-35177 MEDIUM
Vim < 9.2.0280 zip.vim - Path Traversal Arbitrary File Overwrite
Apr 06, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-34982 HIGH
Vim modeline bypass via various options affects Vim < 9.2.0276
Apr 06, 2026
CVSS 8.2
EPSS 0.00