These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-52860 is a high-severity vulnerability in Vim's Python omni-completion feature. Prior to version 9.2.0597, Vim's Python omni-completion executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. This allows a hostile buffer to execute attacker-controlled Python expressions during omni-completion. The existing g:python [truncated]
CVE-2026-52859 is a MEDIUM severity vulnerability in Vim, a command-line text editor. The vulnerability exists in the update_snapshot() function, which can lead to a crash when a program's output is rendered inside a :terminal window. This issue has been patched in version 9.2.0565.
CVE-2026-52858 is a high-severity vulnerability in Vim's Python omni-completion script. The vulnerability exists in python3complete.vim for Vim with the +python3 interpreter enabled and in pythoncomplete.vim for builds with the +python interpreter. When a user opens a hostile .py file with a sibling Python package and invokes omni-completion, it runs that package's top-level code as the editing user. This [truncated]
A code injection vulnerability exists in s:stepmatch() in the cucumber filetype plugin (runtime/ftplugin/cucumber.vim) on Vim builds with +ruby support. Prior to version 9.2.0496, step-definition patterns read from .rb files under the repository's features/*/ or stories/*/ directories are embedded into a Ruby Kernel.eval argument without sufficient escaping. This allows a crafted pattern in an attacker-co [truncated]
A code injection vulnerability exists in Vim's Netrw plugin, specifically in the `s:NetrwBookHistSave()` function. This function is used to save the history of browsed directories to the `~/.vim/.netrwhist` file. The vulnerability occurs when directory names are not properly escaped, allowing an attacker to inject arbitrary Vimscript code, including shell commands, by manipulating the directory name.
A command injection vulnerability exists in Vim's tar plugin (tar#Vimuntar() in runtime/autoload/tar.vim) prior to version 9.2.0479. When decompressing .tgz archives on Unix-like systems, the function constructs :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag. This omission allows crafted archive filenames containing Vim cmdline-special characters to trigger expansion [truncated]
A heap buffer overflow vulnerability exists in Vim prior to version 9.2.0450, specifically in the `read_compound()` function within `src/spellfile.c`. The flaw occurs when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section can overflow a 32-bit signed integer multiplication, resulting in a small buffer allocation that is [truncated]
A heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The flaw is located in the get_tagfname() function in src/tag.c, where a user-controlled 'helpfile' option value is copied into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without bounds checking. This vulnerability affects Vim v [truncated]
CVE-2017-6350 is a critical Vim vulnerability affecting versions through 8.0.0377. According to NVD and the vendor-linked patch reference, an integer overflow in unserialize_uep can occur when Vim fails to validate tree length values while reading a corrupted undo file, which may lead to buffer overflows. The vulnerability was publicly recorded on 2017-02-27, and the NVD entry was later modified on 2026-0 [truncated]
CVE-2017-6349 is a critical Vim flaw in undo-file handling. A corrupted undo file can trigger an integer overflow during memory allocation in u_read_undo if tree-length values are not validated, which can lead to buffer overflows. The issue was published on 2017-02-27 and is fixed by the upstream patch referenced in the source corpus.
CVE-2017-5953 is a critical memory-corruption issue in Vim's spell-file handling. According to the NVD record and vendor references, Vim did not properly validate tree-length values, which could trigger an integer overflow at a memory-allocation site and then a resulting buffer overflow. The issue was publicly disclosed on 2017-02-10 and is rated CVSS 3.0 9.8 (network, low complexity, no privileges, no us [truncated]