Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.6AI score0.00242EPSS
Exploits1References1
NVD
NVD
added 2026/05/07 7:16 p.m.28 views

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS0.00242EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/07 6:14 p.m.54 views

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS0.00242EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:14 p.m.6 views

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.9AI score0.00242EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/07 6:14 p.m.11 views

EUVD-2026-28410

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.9AI score0.00242EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/07 6:14 p.m.13 views

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.9AI score0.00242EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38552

Name of the Vulnerable Software and Affected Versions Notepad Next versions prior to 0.14 Description The detectLanguageFromExtension function interpolates a file extension directly into a Lua script without sanitization. An attacker can craft a filename with an extension containing Lua code that...

7.8CVSS6AI score0.00242EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Notepad Next 代码注入漏洞

Notepad Next is a notepad software developed by dail8859. Versions of Notepad Next prior to 0.14 contained a code injection vulnerability. This vulnerability stemmed from the detectLanguageFromExtension function, which directly inserted file extensions into Lua scripts without proper cleanup. Thi...

7.8CVSS6.1AI score0.00242EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.6 views

Notepad Next 缓冲区错误漏洞

Notepad Next is a notepad program by dail8859 individual developer. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions, which stems from out-of-bounds writes to the ldebug.C and lvm.C files...

9.4CVSS6.6AI score0.00153EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/23 12:0 a.m.6 views

Notepad Next 缓冲区错误漏洞

Notepad Next is a notepad program by dail8859 individual developer. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions, which stems from an out-of-bounds read in the lparser.C file, which may result in an over-read of the heap buffer...

5.1CVSS6.8AI score0.00153EPSS
Exploits0References2
Rows per page
Query Builder