<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Vulnerability-Management on karmine&#39;s notes</title>
    <link>https://karmine05.github.io/dirtyfrag-blog/tags/vulnerability-management/</link>
    <description>Recent content in Vulnerability-Management on karmine&#39;s notes</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <managingEditor>dhruv@fleetdm.com (Dhruv Majumdar)</managingEditor>
    <webMaster>dhruv@fleetdm.com (Dhruv Majumdar)</webMaster>
    <copyright>© 2026 karmine&#39;s notes</copyright>
    <lastBuildDate>Wed, 10 Jun 2026 09:00:00 -0400</lastBuildDate><atom:link href="https://karmine05.github.io/dirtyfrag-blog/tags/vulnerability-management/index.xml" rel="self" type="application/rss+xml" />
    
    <item>
      <title>Notepad&#43;&#43; trusted-directory bypass (GHSA-p58x-r3c9-x9p6): find it with Fleet, portable copies included</title>
      <link>https://karmine05.github.io/dirtyfrag-blog/posts/notepad-plus-plus-shortcuts-bypass-fleet/</link>
      <pubDate>Wed, 10 Jun 2026 09:00:00 -0400</pubDate>
      <author>dhruv@fleetdm.com (Dhruv Majumdar)</author>
      <guid>https://karmine05.github.io/dirtyfrag-blog/posts/notepad-plus-plus-shortcuts-bypass-fleet/</guid>
      <description>GHSA-p58x-r3c9-x9p6 is a path-traversal bypass of the CVE-2026-48800 patch in Notepad++ v8.9.6.1, fixed in v8.9.6.2. It carries no CVE of its own, so vulnerability scanners that key on CVE catalogs may not flag it — and even when they do, they catch the registry-installed program while a portable notepad++.exe dropped in Downloads goes unseen. This post validates the advisory, then ships a Fleet/osquery identification query and a policy that fails when a vulnerable copy is present, installed or portable.</description>
      
    </item>
    
  </channel>
</rss>
