
63 matches found

CNNVD
added 2026/04/17 12:0 a.m. | views: 6

Note Mark security vulnerability

Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained a security vulnerability. This vulnerability stemmed from the login endpoint only performing bcrypt password verification when a username was provided. This allowed...

CVSS 3.7 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1

Cvelist
added 2026/04/16 11:56 p.m. | views: 21

CVE-2026-40265 Note Mark has Broken Access Control on Asset Download

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/noteID/assets/assetID is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who knows...

CVSS 5.9 | EPSS 0.00044
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/16 11:53 p.m. | views: 0

CVE-2026-40263 Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...

CVSS 3.7 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 2

CVE
added 2026/04/16 11:53 p.m. | views: 2

CVE-2026-40263

The connected PT Security disclosures confirm CVE-2026-40263 corresponds to a Username Enumeration flaw via the login endpoint in Note Mark. Affected component is the login/authentication flow; the underlying issue is CWE-208 (Username Enumeration). PT notes that Note Mark versions prior to 0.19....

CVSS 3.7 | AI score 5.7 | EPSS 0.00041
Exploits: 0 | References: 2

Amazon
added 2026/03/06 12:0 a.m. | views: 3

Low: aide

Issue Overview: AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute...

CVSS 6.2 | AI score 5.8 | EPSS 0.00025
Exploits: 1

Tenable Nessus
added 2026/03/06 12:0 a.m. | views: 1

Amazon Linux 2023 : aide (ALAS2023-2026-1462)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1462 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or...

CVSS 6.2 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/30 3:24 a.m. | views: 4

CVE-2026-24888

Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...

CVSS 9.8 | AI score 5.8 | EPSS 0.00637
Exploits: 1 | References: 1

CNNVD
added 2026/01/28 12:0 a.m. | views: 2

Maker.js security vulnerabilities

Maker.js is a two-dimensional vector drawing and shape modeling tool open-sourced by Microsoft. Versions of Maker.js prior to 0.19.1 contain security vulnerabilities. These vulnerabilities stem from the makerjs.extendObject function, which lacks proper validation when copying object properties...

CVSS 9.8 | AI score 5.8 | EPSS 0.00637
Exploits: 1 | References: 3

Tenable Nessus
added 2025/12/09 12:0 a.m. | views: 3

Unity Linux 20.1070e Security Update: aide (UTSA-2025-991098)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991098 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash t...

CVSS 6.2 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 4

Tenable Nessus
added 2025/11/12 12:0 a.m. | views: 3

EulerOS 2.0 SP12 : aide (EulerOS-SA-2025-2346)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An...

CVSS 6.2 | AI score 7.4 | EPSS 0.00026
Exploits: 2 | References: 3

Tenable Nessus
added 2025/11/12 12:0 a.m. | views: 2

EulerOS 2.0 SP12 : aide (EulerOS-SA-2025-2315)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An...

CVSS 6.2 | AI score 7.4 | EPSS 0.00026
Exploits: 2 | References: 3

Snyk
added 2025/10/30 5:10 p.m. | views: 1

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

CVSS 8.7 | AI score 7
Exploits: 0 | References: 2

Snyk
added 2025/10/30 5:10 p.m. | views: 1

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

CVSS 8.7 | AI score 7
Exploits: 0 | References: 2

Snyk
added 2025/10/30 5:10 p.m. | views: 1

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...

CVSS 8.7 | AI score 7
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2018-17586

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00887
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2018-12922

Malware in sbrugna...

CVSS 6.5 | AI score 7.3 | EPSS 0.0049
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | views: 2

EUVD-2025-24863

Malicious code in bioql PyPI...

CVSS 6.2 | AI score 6.2 | EPSS 0.00025
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | views: 11

EUVD-2024-0411

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.0037
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/31 12:0 a.m. | views: 2

Linux Distros Unpatched Vulnerability : CVE-2025-54409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can...

CVSS 6.2 | AI score 5.5 | EPSS 0.00025
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | views: 1

Linux Distros Unpatched Vulnerability : CVE-2018-5818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An error within the parserollei function internal/dcrawcommon.cpp within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop...

CVSS 7.5 | AI score 6.7 | EPSS 0.01174
Exploits: 0 | References: 2