Lucene search
K

411 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-55404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can writ...

8.8CVSS6.2AI score0.00554EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Notepad++ 8.9.6.2 < 8.9.6.4 TOCTOU Race Condition (CVE-2026-52885)

The version of Notepad++ installed on the remote host is 8.9.6.2 or 8.9.6.3. It is, therefore, affected by a TOCTOU race condition vulnerability: - A time-of-check time-of-use TOCTOU race condition exists in the HMAC verification of shortcuts.xml. The HMAC check validates the on-disk file at...

7.5CVSS6.2AI score0.00129EPSS
Exploits2References2
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS0.0036EPSS
Exploits3References2
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:19 p.m.8 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS6AI score0.00129EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:19 p.m.39 views

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
CVE
CVE
added 2026/06/26 8:19 p.m.41 views

CVE-2026-52885

Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

7.5CVSS6AI score0.00129EPSS
Exploits2References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:12 p.m.14 views

CVE-2026-48800

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS5.8AI score0.0036EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:12 p.m.31 views

CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS0.0036EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.20 views

PT-2026-52973

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.4 Description A Time-of-Check to Time-of-Use TOCTOU flaw exists in NppCommands.cpp. The application validates the HMAC of the shortcuts.xml file on disk when a user command is triggered, but it executes the...

7.5CVSS5.8AI score0.00129EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary...

9.6CVSS6AI score0.00555EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 5:17 p.m.10 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS0.00555EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/06/09 5:37 p.m.101 views

Exploit for CVE-2026-52885

TOCTOU: HMAC Checks Disk, Executes from Memory Notepad++ v8...

5.9AI score0.00129EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/07 5:22 a.m.14 views

CVE-2026-11283

A policy bypass flaw was found in the Shortcuts component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502069297...

6.5CVSS5.4AI score0.002EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.11 views

SUSE CVE-2026-11283

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

6.5CVSS5.5AI score0.002EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-11283 Policy bypass in Shortcuts

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.002EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 12:31 a.m.13 views

EUVD-2026-34744

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

5.8AI score0.002EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 12:17 a.m.12 views

CVE-2026-11283

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

6.5CVSS0.002EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:17 a.m.6 views

DEBIAN-CVE-2026-11283

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

6.5CVSS5.5AI score0.002EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-11283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictio...

6.5CVSS5.5AI score0.002EPSS
Exploits0References2
Rows per page
Query Builder