569 matches found
Notepad++ <= 8.9.3 Stack-based Buffer Overflow (CVE-2026-5525)
The version of Notepad++ installed on the remote host is 8.9.3 or earlier. It is, therefore, affected by a stack-based buffer overflow vulnerability: - A stack-based buffer overflow exists in the file drop handler component WMDROPFILES. When a user drags and drops a directory path of exactly 259...
EUVD-2026-21334
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-5525
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-5525
Notepad++ v8.9.3 contains a stack-based buffer overflow in the file drop handler. Dropping a directory path exactly 259 characters long without a trailing backslash causes the program to append a backslash and null terminator without proper bounds checking, leading to a stack buffer overflow and ...
CVE-2026-5525 Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-5525 Stack-Based Buffer Overflow in Notepad++ File Drop Handler leads to DoS
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-5525
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
PT-2026-31894
Name of the Vulnerable Software and Affected Versions Notepad++ version 8.9.3 Description A stack-based buffer overflow exists in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backsla...
Notepad++ 安全漏洞
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Version 8.9.3 of Notepad++ contains a security vulnerability. This vulnerability arises from the file drag-and-drop processing component, which may add slashes and empty terminators when users drag a directory pat...
Notepad++ < 8.9.3 libcurl TLS CA Store Caching (CVE-2025-14819)
The version of Notepad++ installed on the remote host is prior to 8.9.3. It is, therefore, affected by a vulnerability: - A flaw exists in the bundled libcurl library used by WinGUp, the Notepad++ updater. When doing TLS related transfers with reused easy or multi handles and altering the...
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
EUVD-2026-17666
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...
PT-2026-29357
Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...
CVE-2026-4744
Out-of-bounds Read vulnerability in rizonesoft Notepad3 scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.714.1...