Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16294 | 2 Notepad-plus-plus, Scintilla | 2 Notepad\+\+, Scintilla | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | |||||
| CVE-2022-31902 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-02-07 | N/A | 5.5 MEDIUM |
| Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). | |||||
| CVE-2022-31901 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2023-01-26 | N/A | 6.5 MEDIUM |
| Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. | |||||
| CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2022-09-29 | N/A | 7.8 HIGH |
| Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | |||||
| CVE-2017-8803 | 2 Mh-nexus, Notepad-plus-plus | 2 Hex Editor, Notepad\+\+ | 2021-09-13 | 6.8 MEDIUM | 7.8 HIGH |
| Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands. | |||||