328 matches found
GHSA-4J5M-WC25-PVH7 Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parsenotebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parsenotebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...
PT-2026-42595
Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parse notebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...
CVE-2026-22810
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
Directory Traversal
Overview @joplin/onenote-converter is an Used to import a OneNote archive into Joplin Affected versions of this package are vulnerable to Directory Traversal via the OneNote importer. An attacker can overwrite arbitrary files on disk by supplying a crafted .one file containing specially crafted...
CVE-2026-22810
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
CVE-2026-22810 Joplin: Path traversal in OneNote importer allows overwriting arbitrary files
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
CVE-2026-22810 Joplin: Path traversal in OneNote importer allows overwriting arbitrary files
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
EUVD-2026-30806
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
CVE-2026-22810
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
Joplin 安全漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Versions of Joplin prior to 3.5.7 contained a security vulnerability. This vulnerability stemmed from path traversal vulnerabilities in the importer; the OneNote converter did not clean up embedded file names...
GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...
PT-2026-41386
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...
Microsoft多款产品 安全漏洞
Microsoft Excel is a product of the American company Microsoft. Microsoft Excel is a spreadsheet processing software within the Office suite. Microsoft Edge is a web browser that comes with systems running Windows 10 and later versions. Microsoft Word is a word processing software within the Offi...
EUVD-2025-10117
Malicious code in bioql PyPI...
EUVD-2024-19096
Malicious code in bioql PyPI...
EUVD-2022-47625
Malicious code in bioql PyPI...
EUVD-2023-37326
Malicious code in bioql PyPI...
EUVD-2023-25888
Malicious code in bioql PyPI...
EUVD-2025-2462
Malicious code in bioql PyPI...