Lucene search
K
Notepad-plus-plusNotepad++*

7 matches found

CVE
CVE
•added 2019/09/14 3:39 p.m.•158 views

CVE-2019-16294

Notepad++ (x64) before version 7.7 is affected by CVE-2019-16294 due to SciLexer.dll (Scintilla) processing crafted Unicode in .ml files, enabling remote code execution or denial of service. Exploitation targets the SciLexer.dll component within Notepad++, with a local/remote feasibility dependin...

7.8CVSS7.8AI score0.09832EPSS
CVE
CVE
•added 2026/06/26 8:21 p.m.•109 views

CVE-2026-48778

Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...

7.8CVSS5.8AI score0.01314EPSS
CVE
CVE
•added 2026/06/26 8:22 p.m.•61 views

CVE-2026-48770

Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...

5CVSS5.8AI score0.00258EPSS
CVE
CVE
•added 2026/02/03 12:50 a.m.•58 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

7.7CVSS6.4AI score0.01268EPSS
In wild
CVE
CVE
•added 2026/06/26 8:12 p.m.•51 views

CVE-2026-48800

Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...

7.8CVSS5.8AI score0.0036EPSS
CVE
CVE
•added 2026/02/18 11:7 p.m.•38 views

CVE-2026-25926

CVE-2026-25926 (Notepad++) is an Unsafe Search Path vulnerability (CWE-426) affecting Notepad++ versions prior to 8.9.2. The issue arises when launching explorer.exe without an absolute path, allowing an attacker who controls the process working directory to execute a malicious explorer.exe, pote...

7.3CVSS6.7AI score0.00248EPSS
CVE
CVE
•added 2026/06/26 8:19 p.m.•24 views

CVE-2026-52885

Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

7.5CVSS6AI score0.00129EPSS