CVE-2026-6539
- EPSS 0.19%
- Veröffentlicht 30.04.2026 20:31:54
- Zuletzt bearbeitet 01.05.2026 19:30:02
Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can di...
CVE-2026-3008
- EPSS 0.22%
- Veröffentlicht 27.04.2026 06:04:22
- Zuletzt bearbeitet 27.04.2026 18:57:20
Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application.
CVE-2026-5525
- EPSS 0.17%
- Veröffentlicht 10.04.2026 08:16:26
- Zuletzt bearbeitet 05.06.2026 13:54:59
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash...
CVE-2025-56383
- EPSS 0.27%
- Veröffentlicht 26.09.2025 18:15:36
- Zuletzt bearbeitet 15.04.2026 00:35:42
Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree ...