
609 matches found

CVE
added 2026/06/26 8:11 p.m., 36 views

CVE-2026-52884

Notepad++ CVE-2026-52884 affects Notepad++ up to version 8.9.6.1 where isInTrustedDirectory() does not canonicalize paths before checking. The code uses a prefix-based trust check (PathIsPrefix or equivalent), allowing a path traversal like ....\ after a trusted directory prefix to resolve to an ...

CVSS 7.8, AI score 5.8, EPSS 0.00155
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2026/06/26 8:11 p.m., 7 views

CVE-2026-52884

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix or equivalent) that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

CVSS 7.8, AI score 5.8, EPSS 0.00155
Exploits 1, References 3

Cvelist
added 2026/06/26 8:11 p.m., 23 views

CVE-2026-52884 Notepad++: CVE-2026-48800 Bypass

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check (PathIsPrefix or equivalent) that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

CVSS 7.8, EPSS 0.00155
Exploits 1, References 2

Positive Technologies
added 2026/06/26 12:0 a.m., 12 views

PT-2026-52973

Name of the Vulnerable Software and Affected Versions: Notepad++ versions prior to 8.9.6.4. Description: A Time-of-Check to Time-of-Use (TOCTOU) flaw exists in NppCommands.cpp. The application validates the HMAC of the shortcuts.xml file on disk when a user command is triggered, but it executes the...

CVSS 7.5, AI score 5.8, EPSS 0.00129
Exploits 2, References 5

Positive Technologies
added 2026/06/26 12:0 a.m., 9 views

PT-2026-52972

Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.9.4 through 8.9.5. Description: The installer contains a local privilege escalation issue. During the installation process, the installer invokes powershell.exe without specifying an absolute path after setting the working...

CVSS 7.8, AI score 5.8, EPSS 0.00108
Exploits 0, References 5

GithubExploit
added 2026/06/09 5:37 p.m., 86 views

Exploit for CVE-2026-52885

TOCTOU: HMAC Checks Disk, Executes from Memory Notepad++ v8...

AI score 5.9, EPSS 0.00129
Exploits 2

Packet Storm News
added 2026/06/08 12:0 a.m., 8 views

Windows Notepad Markdown Link Exposure Test

This Metasploit auxiliary module is a non-exploit, safety-focused research tool designed to generate a Markdown file for analyzing how Windows Notepad handles external links. It creates a controlled test document containing a user-defined URL and stores it locally for inspection...

AI score 5.5
Exploits 0

Packet Storm News
added 2026/06/08 12:0 a.m., 6 views

Windows Notepad WebDAV UNC Reference Markdown File Generator

This Metasploit auxiliary module is a file-format generation tool intended for security testing of a CVE-2026-20841 related to Windows Notepad Markdown handling. It produces a Markdown file containing a UNC WebDAV-style path embedded as a clickable link for behavioral analysis...

CVSS 7.8, AI score 5.8, EPSS 0.1165
Exploits 9

RedhatCVE
added 2026/06/05 7:35 p.m., 11 views

CVE-2026-5525

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...

CVSS 7.8, AI score 5.9, EPSS 0.00166
Exploits 1, References 1

RedhatCVE
added 2026/06/05 7:32 p.m., 12 views

CVE-2026-6539

Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language pack through...

CVSS 4.6, AI score 5.5, EPSS 0.00191
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:16 p.m., 9 views

CVE-2026-42214

Notepad Next is a cross-platform reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

CVSS 7.8, AI score 5.6, EPSS 0.00242
Exploits 1, References 1

Tenable Nessus
added 2026/06/04 12:0 a.m., 27 views

Notepad++ 8.9.4 / 8.9.5 < 8.9.6 Installer Vulnerability

The version of Notepad++ installed on the remote host is 8.9.4 or 8.9.5. It is, therefore, affected by an installer vulnerability: - A vulnerability exists in the Notepad++ installer affecting versions 8.9.4 and 8.9.5 that could allow an attacker to compromise the installation process...

CVSS 7.8, AI score 5.6, EPSS 0.00108
Exploits 0, References 4

Tenable Nessus
added 2026/06/04 12:0 a.m., 36 views

Notepad++ < 8.9.6.2 Arbitrary Code Execution

The version of Notepad++ installed on the remote host is prior to 8.9.6.2. It is, therefore, affected by an arbitrary code execution vulnerability: - An arbitrary code execution vulnerability exists due to improper handling of shortcuts.xml files. A previous fix in version 8.9.6.1 was incomplete,...

CVSS 7.8, AI score 6.5, EPSS 0.0036
Exploits 3, References 4

Packet Storm
added 2026/06/01 12:0 a.m., 69 views

Notepad++ 8.9.6 Arbitrary Code Execution

Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...

AI score 6.3, EPSS 0.01314
Exploits 5

GithubExploit
added 2026/05/31 5:2 a.m., 317 views

Exploit for CVE-2026-48800

CVE-2026-48800 — Notepad++ Arbitrary Code Execution PoC Sev...

AI score 6.4, EPSS 0.0036
Exploits 3

GithubExploit
added 2026/05/30 5:49 p.m., 305 views

Exploit for CVE-2026-48778

CVE-2026-48...

AI score 5.8, EPSS 0.01314
Exploits 5

CNNVD
added 2026/05/30 12:0 a.m., 13 views

Notepad++ security vulnerabilities

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has security vulnerabilities, and attackers can exploit these vulnerabilities to execute arbitrary code...

AI score 6, EPSS 0.01314
Exploits 5, References 1

Positive Technologies
added 2026/05/30 12:0 a.m., 14 views

PT-2026-48429

Name of the Vulnerable Software and Affected Versions: Notepad++ (affected versions not specified). Description: A zero-click remote code execution (RCE) issue exists due to path traversal. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the...

CVSS 7.8, AI score 6.3, EPSS 0.00155
Exploits 1, References 10

Exploit DB
added 2026/05/30 12:0 a.m., 99 views

Notepad++ 8.9.6 - Arbitrary Code Execution

Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org Software Link: https://notepad-plus-plus.org/downloads/v8.9.6/ Version: from config.xml...

CVSS 7.8, AI score 5.8, EPSS 0.01314
Exploits 5

GithubExploit
added 2026/05/28 10:25 p.m., 134 views

Notepad-8.9.6-PoC

Notepad++ PoCs CVE-2026-48770 / CVE-2026-48778 / CVE-2026-488...

AI score 5.8, EPSS 0.01314
Exploits 8