vim (SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS package vim, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2026-34714 — CVSS 9.2 (critical): Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because…
CVE-2026-34982 — CVSS 8.2 (high): Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command…
CVE-2024-22667 — CVSS 7.8 (high): Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is…
CVE-2026-45130 — CVSS 6.6 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in…
CVE-2026-33412 — CVSS 5.6 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob()…
CVE-2026-26269 — CVSS 5.4 (medium): Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans…
CVE-2026-28421 — CVSS 5.3 (medium): Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV)…
CVE-2026-44656 — CVSS 5.3 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find…
CVE-2026-28419 — CVSS 5.3 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags…
CVE-2026-39881 — CVSS 5.0 (medium): Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a…
CVE-2026-28417 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw`…
CVE-2025-29768 — CVSS 4.4 (medium): Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The…
CVE-2026-28418 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's…
CVE-2026-28420 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ…
CVE-2026-42307 — CVSS 4.4 (medium): Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw…
CVE-2024-41965 — CVSS 4.2 (medium): Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask…
CVE-2025-53906 — CVSS 4.1 (medium): Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow…
CVE-2023-48231 — CVSS 3.9 (low): Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation…
CVE-2023-48232 — CVSS 3.9 (low): Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines…
CVE-2023-48706 — CVSS 3.6 (low): Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very…
CVE-2026-46483 — CVSS 3.6 (low): Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in…
CVE-2023-48234 — CVSS 2.8 (low): Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given…
CVE-2023-48233 — CVSS 2.8 (low): Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable…
CVE-2023-48237 — CVSS 2.8 (low): Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large…
CVE-2023-48236 — CVSS 2.8 (low): Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT…
CVE-2023-48235 — CVSS 2.8 (low): Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically…
CVE-2026-28422 — CVSS 2.2 (low): Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when…