PT-2026-38666

Name of the Vulnerable Software and Affected Versions NAVER MYBOX Explorer for Windows versions prior to 3.0.11.160 Description Improper privilege checks allow a local attacker to escalate privileges to NT AUTHORITYSYSTEM through registry manipulation. Recommendations Update to version 3.0.11.160...

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-24054 PoC A simple Proof of Concept for CVE-2025-2...

Windows Print Spooler Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

CVE-2026-25926

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

Notepad++ < 8.9.2 Unsafe Search Path (GHSA-rjvm-fcxw-2jxq)

The version of Notepad++ installed on the remote host is prior to 8.9.2. It is, therefore, affected by a vulnerability: - An Unsafe Search Path vulnerability CWE-426 exists when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if...

Notepad++ 代码问题漏洞

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Versions of Notepad++ prior to 8.9.2 had a code vulnerability; this vulnerability stemmed from the use of an absolute executable path when launching the Windows Explorer, which could lead to arbitrary code executi...

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

CVE-2026-25926 Notepad++ has an Untrusted Search Path

Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability CWE-426 exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable path. This may allow execution of a malicious explorer.exe if an attacker can control the process...

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

PT-2026-20553

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.2 Description Notepad++ is a free and open-source source code editor. An Unsafe Search Path issue CWE-426 exists when launching Windows Explorer without an absolute executable path. This could allow execution of...

CVE-2026-25880 Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

CVE-2026-25880

SumatraPDF (Windows)

CVE-2026-20932

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

EUVD-2010-3157

Malware in sbrugna...

EUVD-2010-1825

Malware in sbrugna...

EUVD-2025-24355

Malicious code in bioql PyPI...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulne...

CVE-2025-58323

NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

NTLM/SMB Hardening & Threat Hunt Toolkit Author: w01f...