All 8 CVE vulnerabilities found in notepad-plus-plus, with AI-generated Chinese analysis, references, and POCs.
Vendor: notepad-plus-plus
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25926 | Notepad++ has an Untrusted Search Path CWE-426 | 7.3 | High | 2026-02-18 |
| CVE-2025-15556 | Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification CWE-494 | 7.0AI | HighAI | 2026-02-03 |
| CVE-2025-49144 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path CWE-272 | 7.3 | High | 2025-06-23 |
| CVE-2023-40166 | Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining CWE-120 | 5.5 | Medium | 2023-08-25 |
| CVE-2023-40164 | Notepad++ global buffer read overflow in nsCodingStateMachine::NextState CWE-120 | 5.5 | Medium | 2023-08-25 |
| CVE-2023-40036 | Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar CWE-120 | 5.5 | Medium | 2023-08-25 |
| CVE-2023-40031 | Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert CWE-120 | 7.8 | High | 2023-08-25 |
| CVE-2022-32168 | notepad-plus-plus - DLL Hijacking CWE-427 | 7.8 | - | 2022-09-28 |
All 8 known CVE vulnerabilities affecting notepad-plus-plus with full Chinese analysis, references, and POCs where available.