9 matches found
CVE-2026-42214
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
EUVD-2026-28410
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext
Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...
Notepad Next 代码注入漏洞
Notepad Next is a notepad software developed by dail8859. Versions of Notepad Next prior to 0.14 contained a code injection vulnerability. This vulnerability stemmed from the detectLanguageFromExtension function, which directly inserted file extensions into Lua scripts without proper cleanup. Thi...
PT-2026-38552
Name of the Vulnerable Software and Affected Versions Notepad Next versions prior to 0.14 Description The detectLanguageFromExtension function interpolates a file extension directly into a Lua script without sanitization. An attacker can craft a filename with an extension containing Lua code that...
Notepad Next 缓冲区错误漏洞
Notepad Next is a notepad program by dail8859 individual developer. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions, which stems from out-of-bounds writes to the ldebug.C and lvm.C files...
Notepad Next 缓冲区错误漏洞
Notepad Next is a notepad program by dail8859 individual developer. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions, which stems from an out-of-bounds read in the lparser.C file, which may result in an over-read of the heap buffer...