330 matches found
CVE-2026-6539
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
CVE-2026-6539 Notepad++ 8.9.3 Format String Injection via nativeLang.xml
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...
Notepad++ 格式化字符串错误漏洞
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Version 8.9.3 of Notepad++ has a vulnerability related to format strings. This vulnerability stems from format string injection in the Find Results panel’s processing logic, which may lead to denial-of-service...
PT-2026-36185
Name of the Vulnerable Software and Affected Versions Notepad++ version 8.9.3 Description A format string injection exists in the Find Results panel handler. This occurs when the application processes a maliciously crafted nativeLang.xml language pack file. An attacker can distribute a poisoned...
CVE-2026-3008
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...
CVE-2026-3008 Vulnerability in Notepad++
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...
CVE-2026-3008
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...
CVE-2026-3008 Vulnerability in Notepad++
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...
EUVD-2026-25775
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...
CVE-2026-3008
CVE-2026-3008 is a Notepad++ string-injection vulnerability in the Find Results flow. A vulnerability in sub_1400916C0 formats the Find Results count label using a localized string from nativeLang.xml as the wsprintfW format string, with no validation of the string flow. This can cause a crash (D...
PT-2026-35357
Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.4 Description A string injection issue exists in the FindInFiles function of the text editor, stemming from flaws in the formatting string processing mechanism. Successful exploitation could allow an attacker to...
Notepad++ 格式化字符串错误漏洞
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...
Exploit for CVE-2026-3008
CVE-2026-3008 — Notepad++ 8.9.3 Format String Injection via na...
CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
Fedora 44 : rubygem-json (2026-3a7663d43d)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3a7663d43d advisory. New version 2.19.2 is released. This fixes a format string injection vulnerability in JSON.parse, which is now assigned as CVE-2026-33210 Tenable has extract...
Fedora: Security Advisory (FEDORA-2026-8c07fcde49)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 43 : rubygem-json (2026-8c07fcde49)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8c07fcde49 advisory. This new updates backports a fix for a format string injection vulnerability in JSON.parse, which is now assigned as CVE-2026-33210 Tenable has extracted the...
CVE-2026-33210
A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...
Format String Injection
Ruby JSON is vulnerable to Format String Injection. The vulnerability is due to a format string injection vulnerability, where the allowduplicatekey: false parsing option is used to parse user supplied documents and can lead to denial of service attacks or information disclosure...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...