Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/07 6:14 p.m.4 views

CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.9AI score0.00015EPSS
Exploits1References4Affected Software1
EUVD
EUVDadded 2026/05/07 6:14 p.m.4 views

EUVD-2026-28410

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS5.9AI score0.00015EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/05/07 6:14 p.m.25 views

CVE-2026-42214 Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

7.8CVSS0.00015EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/02/17 2:29 p.m.27 views

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

9.6CVSS0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/02/17 2:29 p.m.2 views

CVE-2026-22208

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

9.6CVSS6.6AI score0.00231EPSS
Exploits0References4
CVE
CVEadded 2026/02/17 2:29 p.m.9 views

CVE-2026-22208

OpenS100 (reference S-100 viewer) before commit 753cf29 is vulnerable to remote code execution via an unrestricted Lua interpreter. The Portrayal Engine calls luaL_openlibs() without sandboxing, exposing standard libraries such as os and io to untrusted portrayal catalogues. An attacker can suppl...

9.6CVSS6.6AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/17 2:29 p.m.4 views

CVE-2026-22208 OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

OpenS100 the reference implementation S-100 viewer prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaLopenlibs without sandboxing or capability restrictions, exposing standard libraries such as...

9.6CVSS6.6AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder