Lucene search
+L

622 matches found

NVD
NVD
added 2026/02/19 12:16 a.m.11 views

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS0.00248EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.12 views

Notepad++ 代码问题漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Versions of Notepad++ prior to 8.9.2 had a code vulnerability; this vulnerability stemmed from the use of an absolute executable path when launching the Windows Explorer, which could lead to arbitrary code executi...

7.3CVSS7.7AI score0.00248EPSS
Exploits1References4
OSV
OSV
added 2026/02/18 11:7 p.m.12 views

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS6.5AI score0.00248EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/18 11:7 p.m.7 views

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS6.5AI score0.00248EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/18 11:7 p.m.46 views

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

7.3CVSS0.00248EPSS
Exploits1References3
CVE
CVE
added 2026/02/18 11:7 p.m.59 views

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

7.3CVSS6.7AI score0.00248EPSS
Exploits1References3Affected Software1
The Hacker News
The Hacker News
added 2026/02/18 7:40 a.m.25 views

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

7.7CVSS7.1AI score0.01268EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.14 views

PT-2026-20553

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...

7.3CVSS6.6AI score0.00248EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.14 views

PT-2026-8028

Name of the Vulnerable Software and Affected Versions Windows Notepad versions prior to 11.x patch Description A remote code execution issue exists in the modern Windows 11 Notepad application distributed through the Microsoft Store. A malicious Markdown .md file can trigger command injection,...

6.5AI score
Exploits0References2
GithubExploit
GithubExploit
added 2026/02/12 3:29 p.m.162 views

Exploit for CVE-2026-20841

CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...

8.8CVSS6.6AI score0.1165EPSS
Exploits9
The Hacker News
The Hacker News
added 2026/02/12 11:51 a.m.18 views

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how...

9.8CVSS10AI score0.98871EPSS
Exploits71
GithubExploit
GithubExploit
added 2026/02/12 11:0 a.m.319 views

Exploit for CVE-2026-20841

CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...

8.8CVSS6.8AI score0.1165EPSS
Exploits9
GithubExploit
GithubExploit
added 2026/02/12 6:4 a.m.233 views

Exploit for CVE-2026-20841

Purpose The purpose of this work is to investigate the RCE vul...

8.8CVSS6AI score0.1165EPSS
Exploits9
GithubExploit
GithubExploit
added 2026/02/12 3:58 a.m.230 views

Exploit for CVE-2026-20841

CVE-2026-20841 This content corresponds to a part of what is...

8.8CVSS6.4AI score0.1165EPSS
Exploits9
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/12 12:0 a.m.13 views

Notepad++ Download of Code Without Integrity Check Vulnerability

Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges...

7.7CVSS6.4AI score0.01268EPSS
In wildExploits0
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.5 views

CVE-2026-20841

Improper neutralization of special elements used in a command 'command injection' in Windows Notepad App allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.1165EPSS
Exploits9References1
GithubExploit
GithubExploit
added 2026/02/11 2:55 p.m.177 views

Exploit for CVE-2026-20841

CVE-2026-20841 PoC PoC of the "Windows Notepad RCE" vulnerabi...

8.8CVSS6.2AI score0.1165EPSS
Exploits9
GithubExploit
GithubExploit
added 2026/02/11 12:14 p.m.179 views

Exploit for CVE-2026-20841

The accuracy of this PoC trigger method has not been verified,...

8.8CVSS5.4AI score0.1165EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.44 views

Microsoft Windows Notepad < 11.2510 Command Injection (February 2026)

The Windows 'Microsoft Windows Notepad' app installed on the remote host is prior to version 11.2510. It is, therefore, affected by a command injection vulnerability: - Improper neutralization of special elements used in a command allows an unauthorized attacker to execute code over a network...

7.8CVSS6.3AI score0.1165EPSS
Exploits9References2
OSV
OSV
added 2026/02/10 6:16 p.m.2 views

CVE-2026-20841

Improper neutralization of special elements used in a command 'command injection' in Windows Notepad App allows an unauthorized attacker to execute code locally...

7.8CVSS5.9AI score0.1165EPSS
Exploits9References2
Rows per page
Query Builder