vim 厂商漏洞列表 / CVE 中文分析 203

vim 厂商相关 203 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

Vim 是一款广泛使用的开源文本编辑器，核心用途为高效代码编写与文件处理。其历史漏洞多集中于缓冲区溢出及命令注入，部分严重缺陷可导致远程代码执行。尽管作为本地工具风险相对可控，但解析恶意构造文件时仍可能触发崩溃或任意代码执行。鉴于已收录两百余条 CVE，用户需保持版本更新，并警惕来自不可信来源的配置文件或脚本，以防范潜在的安全威胁。

上位製品 vim: vim/vim vim

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-45130	Vim: Heap Buffer Overflow in spell file loading — vimCWE-122	6.6	Medium	2026-05-08
CVE-2026-44656	Vim: OS Command Injection via 'path' completion — vimCWE-78	-	-	2026-05-08
CVE-2026-42307	Vim: OS Command Injection in netrw — vimCWE-78	4.4	Medium	2026-05-08
CVE-2026-41411	Vim: Command injection via backtick expansion in tag filenames — vimCWE-78	6.6	Medium	2026-04-24
CVE-2026-39881	Vim Ex command injection in Vims NetBeans integration — vimCWE-94	5.0	Medium	2026-04-08
CVE-2026-35177	Path traversal issue with zip.vim in Vim — vimCWE-22	4.1	Medium	2026-04-06
CVE-2026-34982	Vim modeline bypass via various options affects Vim < 9.2.0276 — vimCWE-78	8.2	High	2026-04-06
CVE-2026-34714	Vim 操作系统命令注入漏洞 — VimCWE-78	9.2	Critical	2026-03-30
CVE-2026-33412	Vim affected by Command injection via newline in glob() — vimCWE-78	5.6	Medium	2026-03-24
CVE-2026-32249	NFA regex engine NULL pointer dereference affects Vim < 9.2.0137 — vimCWE-476	5.3	Medium	2026-03-12
CVE-2026-28422	Vim has stack-buffer-overflow in build_stl_str_hl() — vimCWE-121	2.2	Low	2026-02-27
CVE-2026-28421	Vim has a heap-buffer-overflow and a segmentation fault — vimCWE-20	5.3	Medium	2026-02-27
CVE-2026-28420	Vim has Heap-based Buffer Overflow and OOB Read in :terminal — vimCWE-122	4.4	Medium	2026-02-27
CVE-2026-28419	Vim has Heap-based Buffer Underflow in Emacs tags parsing — vimCWE-124	5.3	Medium	2026-02-27
CVE-2026-28418	Vim has Heap-based Buffer Overflow in Emacs tags parsing — vimCWE-122	4.4	Medium	2026-02-27
CVE-2026-28417	Vim has OS Command Injection in netrw — vimCWE-86	4.4	Medium	2026-02-27
CVE-2026-26269	Vim has a Netbeans specialKeys Stack Buffer Overflow — vimCWE-121	5.4	Medium	2026-02-13
CVE-2026-25749	Heap Overflow in Vim — vimCWE-122	6.6	Medium	2026-02-06
CVE-2025-66476	Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability — vimCWE-427	7.8	High	2025-12-02
CVE-2025-55157	Vim heap use-after-free vulnerability when processing recursive tuple data types — vimCWE-416	8.8^AI	High^AI	2025-08-11
CVE-2025-55158	Vim double-free vulnerability during Vim9 script import operations — vimCWE-415	7.8^AI	High^AI	2025-08-11
CVE-2025-53906	Vim has path traversal issue with zip.vim and special crafted zip archives — vimCWE-22	4.1	Medium	2025-07-15
CVE-2025-53905	Vim has path traversial issue with tar.vim and special crafted tar files — vimCWE-22	4.1	Medium	2025-07-15
CVE-2025-29768	Vim vulnerable to potential data loss with zip.vim and special crafted zip files — vimCWE-88	4.4	Medium	2025-03-13
CVE-2025-27423	Improper Input Validation in Vim — vimCWE-77	7.1	High	2025-03-03
CVE-2025-26603	heap-use-after-free in function str_to_reg in vim/vim — vimCWE-416	4.2	Medium	2025-02-18
CVE-2025-24014	segmentation fault in win_line() in Vim < 9.1.1043 — vimCWE-787	4.2	Medium	2025-01-20
CVE-2025-22134	heap-buffer-overflow with visual mode in Vim < 9.1.1003 — vimCWE-122	4.2	Medium	2025-01-13
CVE-2024-47814	use-after-free when closing buffers in Vim — vimCWE-416	3.9	Low	2024-10-07
CVE-2024-45306	heap-buffer-overflow in Vim — vimCWE-122	4.5	Medium	2024-09-02

本页汇总了 vim 厂商截至目前公开的全部 203 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

vim 厂商漏洞列表 / CVE 中文分析 203

目標達成すべての支援者に感謝 — 100%達成しました！