CVE-2026-3008

CVE-2026-3008 is a Notepad++ string-injection vulnerability in the Find Results flow. A vulnerability in sub_1400916C0 formats the Find Results count label using a localized string from nativeLang.xml as the wsprintfW format string, with no validation of the string flow. This can cause a crash (D...

CVE-2026-3008 Vulnerability in Notepad++

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

CVE-2026-3008

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

CVE-2026-3008 Vulnerability in Notepad++

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

EUVD-2026-25775

Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application...

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...

PT-2026-35357

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.4 Description A string injection issue exists in the FindInFiles function of the text editor, stemming from flaws in the formatting string processing mechanism. Successful exploitation could allow an attacker to...

Notepad++ 格式化字符串错误漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...

Binwalk 路径遍历漏洞

Binwalk is a fast and easy-to-use tool open sourced by ReFirm Labs. It is used for analysis, reverse engineering, and extracting firmware images. Versions of Binwalk 2.4.3 and earlier have a path traversal vulnerability. This vulnerability stems from improper handling of the parameter self.filena...

CVE-2018-25295

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operati...

ALSA: fireworks: bound device-supplied status before string array lookup

...

OESA-2026-2067 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

[SECURITY] Fedora 44 Update: qt6-qtbase-6.10.3-1.fc44

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

SUSE CVE-2026-31549

In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-32316)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-32316 advisory. - jq is a command-line JSON processor. An integer overflow vulnerability exists through version...

Linux Distros Unpatched Vulnerability : CVE-2026-31549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the...

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

EUVD-2026-25618

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...