609 matches found
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866
MobaXterm versions prior to 26.1 are affected by an Unquoted Search Path vulnerability. The app uses WinExec to launch Notepad++ without a fully qualified executable path when opening remote files. An attacker can place a malicious executable earlier in the search order, leading to arbitrary code...
PT-2026-24077
Name of the Vulnerable Software and Affected Versions MobaXterm versions prior to 26.1 Description The software contains an uncontrolled search path element issue. The application uses WinExec to launch Notepad++ without specifying the complete path to the executable when opening files from remot...
Microsoft Windows Notepad Command Injection Vulnerability
Microsoft Windows Notepad is a text editor program from Microsoft USA. A command injection vulnerability exists in Microsoft Windows Notepad. The vulnerability stems from the application failing to properly filter constructed command special characters, commands, etc. An attacker could exploit th...
📄 Windows Notepad Markdown Link Code Execution
The Windows Notepad App Microsoft Store version fails to properly validate protocol handlers in markdown links. When a user Ctrl+Click on a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...
CVE-2026-25926
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
Notepad++ < 8.9.2 Unsafe Search Path (GHSA-rjvm-fcxw-2jxq)
The version of Notepad++ installed on the remote host is prior to 8.9.2. It is, therefore, affected by a vulnerability: - An Unsafe Search Path vulnerability CWE-426 exists when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if...
CVE-2026-25926
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
Notepad++ 代码问题漏洞
Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Versions of Notepad++ prior to 8.9.2 had a code vulnerability; this vulnerability stemmed from the use of an absolute executable path when launching the Windows Explorer, which could lead to arbitrary code executi...
CVE-2026-25926 Notepad++ has an Untrusted Search Path
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
CVE-2026-25926 Notepad++ has an Untrusted Search Path
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
CVE-2026-25926
CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...
CVE-2026-25926 Notepad++ has an Untrusted Search Path
Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...
PT-2026-20553
Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...
PT-2026-8028
Name of the Vulnerable Software and Affected Versions Windows Notepad versions prior to 11.x patch Description A remote code execution issue exists in the modern Windows 11 Notepad application distributed through the Microsoft Store. A malicious Markdown .md file can trigger command injection,...
Exploit for CVE-2026-20841
CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how...
Exploit for CVE-2026-20841
CVE-2026-20841 - Windows Notepad RCE PoC for a remote code ex...