Lucene search
K
Notepad-plus-plusNotepad++

20 matches found

CVE
CVE
added 2026/04/30 8:31 p.m.370 views

CVE-2026-6539

Notepad++ 8.9.3 is affected by a vulnerability described as a format string injection in the Find Results panel handler, triggered by a malicious nativeLang.xml language pack. The issue can be introduced by poisoned language packs distributed via community channels and triggers format string inte...

4.6CVSS5.2AI score0.00191EPSS
CVE
CVE
added 2023/08/25 7:49 p.m.266 views

CVE-2023-40031

Notepad++ versions

7.8CVSS8.1AI score0.00494EPSS
CVE
CVE
added 2023/08/25 8:20 p.m.183 views

CVE-2023-40166

CVE-2023-40166 affects Notepad++ versions prior to 8.5.7. The issue is a heap buffer read overflow in FileManager::detectLanguageFromTextBegining, which can leak internal memory information and, per related advisories, may enable arbitrary code execution under some conditions. Public exploits exi...

5.5CVSS5.8AI score0.00471EPSS
CVE
CVE
added 2019/09/14 3:39 p.m.162 views

CVE-2019-16294

Notepad++ (x64) before version 7.7 is affected by CVE-2019-16294 due to SciLexer.dll (Scintilla) processing crafted Unicode in .ml files, enabling remote code execution or denial of service. Exploitation targets the SciLexer.dll component within Notepad++, with a local/remote feasibility dependin...

7.8CVSS7.8AI score0.09832EPSS
CVE
CVE
added 2026/04/10 7:40 a.m.154 views

CVE-2026-5525

CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...

7.8CVSS6.2AI score0.00166EPSS
CVE
CVE
added 2026/06/26 8:21 p.m.142 views

CVE-2026-48778

Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...

7.8CVSS5.8AI score0.01314EPSS
Web
CVE
CVE
added 2023/08/25 8:12 p.m.132 views

CVE-2023-40164

Notepad++ prior to 8.5.7 is affected by a global buffer overflow issue in Notepad++ core components: a read overflow in nsCodingStateMachine::NextStater (NVD) and a related heap buffer overflow in Utf8_16_Read::convert (PT-2023-4643). Impact is described as potential leakage of internal memory in...

5.5CVSS5.8AI score0.00549EPSS
CVE
CVE
added 2023/08/25 7:58 p.m.125 views

CVE-2023-40036

Notepad++

5.5CVSS5.8AI score0.00427EPSS
CVE
CVE
added 2023/11/30 2:31 p.m.100 views

CVE-2023-6401

CVE-2023-6401 affects NotePad++ up to version 8.1. The vulnerability is DLL search/path hijacking in dbghelp.dll loaded by the application, enabling local attackers to execute arbitrary code. The root cause is an uncontrolled search path that can cause the malicious dbghelp.dll in the application...

7.8CVSS6.3AI score0.00332EPSS
Web
CVE
CVE
added 2022/09/28 9:0 a.m.99 views

CVE-2022-32168

Summary: Notepad++

7.8CVSS7.7AI score0.00701EPSS
CVE
CVE
added 2026/06/26 8:22 p.m.92 views

CVE-2026-48770

Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...

5CVSS5.8AI score0.00258EPSS
Web
CVE
CVE
added 2023/02/01 12:0 a.m.83 views

CVE-2022-31902

CVE-2022-31902 affects Notepad++ v8.4.1, with a stack overflow in the Finder::add() function. The Root Cause/Impact are described as a stack overflow; CVSS metrics in the initial document show local attack vector, low attack complexity, no privileges required, but user interaction is required and...

5.5CVSS5.7AI score0.00524EPSS
CVE
CVE
added 2026/06/26 8:12 p.m.80 views

CVE-2026-48800

Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...

7.8CVSS5.8AI score0.0036EPSS
CVE
CVE
added 2023/01/19 12:0 a.m.76 views

CVE-2022-31901

CVE-2022-31901 concerns a buffer overflow in Notepad_plus::addHotSpot of Notepad++ (up to version 8.4.3 and earlier). The vulnerability can cause the application to crash when processing two crafted files, as described across multiple sources (Notepad++ vulnerability entries and related advisorie...

6.5CVSS6.6AI score0.01305EPSS
CVE
CVE
added 2026/02/03 12:50 a.m.62 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

7.7CVSS6.4AI score0.01268EPSS
In wild
CVE
CVE
added 2026/02/18 11:7 p.m.57 views

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

7.3CVSS6.7AI score0.00248EPSS
CVE
CVE
added 2023/11/30 12:0 a.m.51 views

CVE-2023-47452

CVE-2023-47452 affects Notepad++ 6.5; vulnerability is an Untrusted search path allowing local privilege escalation via msimg32.dll loaded from the current working directory. Root cause: loading a system DLL from CWD can override expected DLLs. Impact (as stated): local privilege escalation with ...

7.8CVSS7.6AI score0.00535EPSS
CVE
CVE
added 2026/06/26 8:11 p.m.49 views

CVE-2026-52884

Notepad++ CVE-2026-52884 affects Notepad++ up to version 8.9.6.1 where isInTrustedDirectory() does not canonicalize paths before checking. The code uses a prefix-based trust check (PathIsPrefix or equivalent), allowing a path traversal like ....\ after a trusted directory prefix to resolve to an ...

7.8CVSS5.8AI score0.00155EPSS
CVE
CVE
added 2026/06/26 8:19 p.m.39 views

CVE-2026-52885

Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

7.5CVSS6AI score0.00129EPSS
CVE
CVE
added 2026/06/26 8:16 p.m.10 views

CVE-2026-46710

Notepad++ is affected by a local privilege escalation vulnerability in the installer (CVE-2026-46710) detected in versions 8.9.4–8.9.6. During installation, the installer launches powershell.exe without an absolute path after setting the working directory to the installation contextMenu directory...

7.8CVSS5.8AI score0.00108EPSS