CVE-2026-33978

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

EUVD-2026-17962

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

EUVD-2026-16874

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVE-2023-2608

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

PT-2023-29864 · Grails · Grails

Name of the Vulnerable Software and Affected Versions: Grails versions prior to 3.3.17 Grails versions prior to 4.1.3 Grails versions prior to 5.3.4 Grails versions prior to 6.1.0 Description: A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework...

CVE-2023-2607

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2023-2607

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2023-2608

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

CVE-2023-2608 Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection

The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projectslist function and insufficient escaping o...

WordPress MPG Plugin <= 3.3.17 is vulnerable to SQL Injection

Software MPG Type Plugin Vulnerable versions = 3.3.17 Fixed in 3.3.18 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2607 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 74726ab41bcc Credits Marco Wotschka Required privilege Administrator Published 16...

CVE-2022-23741

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...

WordPress My Calendar plugin <= 3.3.16 - Unauthenticated Open Redirect vulnerability

Unauthenticated Open Redirect vulnerability discovered by Dan Kegel in WordPress My Calendar plugin versions = 3.3.16. Solution Update the WordPress My Calendar plugin to the latest available version at least 3.3.17...

Sensiolabs Symfony <= 2.7.48, 2.8.* <= 2.8.43, 3.* <= 3.3.17, 3.4.* <= 3.4.13, 4.0.* <= 4.0.13 and 4.1.* <= 4.1.2 Multiple Vulnerabilities

This host runs Symfony and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Fedora 27 : php-symfony3 (2018-c8ddc44bbb)

3.3.17 2018-05-25 - security cve-2018-11407 Ldap cast to string when checking empty passwords - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security cve-2018-11385 migrating sessio...