Vulnerabilities > Notepad Plus Plus

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-47452 Uncontrolled Search Path Element vulnerability in Notepad-Plus-Plus Notepad++ 6.5
An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.
local
low complexity
notepad-plus-plus CWE-427
7.8
2023-11-30 CVE-2023-6401 Uncontrolled Search Path Element vulnerability in Notepad-Plus-Plus Notepad++
A vulnerability classified as problematic was found in NotePad++ up to 8.1.
local
low complexity
notepad-plus-plus CWE-427
7.8
2023-08-25 CVE-2023-40164 Classic Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ is a free and open-source source code editor.
local
low complexity
notepad-plus-plus CWE-120
5.5
2023-08-25 CVE-2023-40166 Heap-based Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ is a free and open-source source code editor.
local
low complexity
notepad-plus-plus CWE-122
5.5
2023-08-25 CVE-2023-40031 Heap-based Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ is a free and open-source source code editor.
local
low complexity
notepad-plus-plus CWE-122
7.8
2023-08-25 CVE-2023-40036 Classic Buffer Overflow vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ is a free and open-source source code editor.
local
low complexity
notepad-plus-plus CWE-120
5.5
2023-02-01 CVE-2022-31902 Out-of-bounds Write vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
local
low complexity
notepad-plus-plus CWE-787
5.5
2023-01-19 CVE-2022-31901 Out-of-bounds Write vulnerability in Notepad-Plus-Plus Notepad++
Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.
network
low complexity
notepad-plus-plus CWE-787
6.5
2022-09-28 CVE-2022-32168 Uncontrolled Search Path Element vulnerability in Notepad-Plus-Plus Notepad++
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
local
low complexity
notepad-plus-plus CWE-427
7.8
2019-09-14 CVE-2019-16294 Out-of-bounds Write vulnerability in multiple products
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
local
low complexity
notepad-plus-plus scintilla CWE-787
7.8