Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3294 | 1 Vim | 1 Vim | 2026-04-23 | 3.7 LOW | N/A |
| src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. | |||||
| CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2026-04-23 | 4.3 MEDIUM | N/A |
| autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." | |||||
| CVE-2008-3432 | 1 Vim | 1 Vim | 2026-04-23 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | |||||
| CVE-2008-3075 | 1 Vim | 2 Vim, Zipplugin.vim | 2026-04-23 | 9.3 HIGH | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | |||||
| CVE-2008-4101 | 1 Vim | 1 Vim | 2026-04-23 | 9.3 HIGH | N/A |
| Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | |||||
| CVE-2026-34982 | 1 Vim | 1 Vim | 2026-04-22 | N/A | 8.2 HIGH |
| Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `guitabtooltip` and `printheader` options are missing the `P_MLE` flag, allowing a modeline to be executed. Additionally, the `mapset()` function lacks a `check_secure()` call, allowing it to be abused from sandboxed expressions. Commit 9.2.0276 fixes the issue. | |||||
| CVE-2026-39881 | 1 Vim | 1 Vim | 2026-04-22 | N/A | 5.0 MEDIUM |
| Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316. | |||||
| CVE-2026-35177 | 1 Vim | 1 Vim | 2026-04-20 | N/A | 4.1 MEDIUM |
| Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280. | |||||
| CVE-2026-34714 | 1 Vim | 1 Vim | 2026-04-03 | N/A | 9.2 CRITICAL |
| Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE. | |||||
| CVE-2025-53906 | 1 Vim | 1 Vim | 2026-04-01 | N/A | 4.1 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability. | |||||
| CVE-2026-33412 | 1 Vim | 1 Vim | 2026-03-25 | N/A | 5.6 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202. | |||||
| CVE-2026-32249 | 1 Vim | 1 Vim | 2026-03-18 | N/A | 5.3 MEDIUM |
| Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137. | |||||
| CVE-2026-28419 | 1 Vim | 1 Vim | 2026-03-04 | N/A | 5.3 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue. | |||||
| CVE-2026-28421 | 1 Vim | 1 Vim | 2026-03-04 | N/A | 5.3 MEDIUM |
| Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue. | |||||
| CVE-2026-28420 | 1 Vim | 1 Vim | 2026-03-04 | N/A | 4.4 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue. | |||||
| CVE-2026-28422 | 1 Vim | 1 Vim | 2026-03-04 | N/A | 2.2 LOW |
| Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue. | |||||
| CVE-2026-28417 | 1 Vim | 1 Vim | 2026-03-03 | N/A | 4.4 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue. | |||||
| CVE-2026-28418 | 1 Vim | 1 Vim | 2026-03-03 | N/A | 4.4 MEDIUM |
| Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue. | |||||
| CVE-2022-2845 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2026-02-25 | N/A | 7.8 HIGH |
| Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | |||||
| CVE-2022-2598 | 2 Debian, Vim | 2 Debian Linux, Vim | 2026-02-25 | N/A | 6.5 MEDIUM |
| Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | |||||