CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration...

9.6CVSS7AI score0.01913EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:23 p.m.•10 views

CVE-2020-26158

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration...

9.6CVSS7AI score0.01913EPSS

Exploits0

RedhatCVE•added 2025/05/22 7:57 a.m.•7 views

CVE-2019-1010003

Leanote prior to version 2.6 is affected by: Cross Site Scripting XSS...

6.1CVSS6.5AI score0.00636EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:6 a.m.•4 views

CVE-2017-1000492

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...

6.1CVSS7AI score0.01044EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:51 a.m.•5 views

CVE-2017-1000459

Leanote version = 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...

6.1CVSS6.4AI score0.00836EPSS

Exploits1References1

NVD•added 2024/02/07 3:15 a.m.•20 views

CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...

5.5CVSS5.5AI score0.00234EPSS

Exploits0References2

ATTACKERKB•added 2024/02/07 3:15 a.m.•3 views

CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...

5.5CVSS5.9AI score0.00234EPSS

Exploits0References3Affected Software1

OSV•added 2024/02/07 3:15 a.m.•15 views

CVE-2024-0849

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...

5CVSS5.4AI score

Exploits0References2

Prion•added 2024/02/07 3:15 a.m.•17 views

Code injection

Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...

1.7CVSS7AI score0.00234EPSS

Exploits0References2Affected Software1

CVE•added 2024/02/07 2:50 a.m.•52 views

CVE-2024-0849

CVE-2024-0849 (Leanote 2.7.0) is a local-file-read vulnerability caused by a Local File Reading (LFR) weakness, allowing an attacker to obtain arbitrary local files. The vulnerability is explicitly described in multiple sources as affecting Leanote version 2.7.0, with the impact being exposure of...

5.5CVSS5.4AI score0.00234EPSS

Exploits0References2Affected Software1