14 matches found
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
EUVD-2023-36164
Malicious code in bioql PyPI...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
Code injection
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
CVE-2023-31874
Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire'childprocess'...
PT-2023-23501 · Yank Note · Yank Note
Name of the Vulnerable Software and Affected Versions: Yank Note YN version 3.52.1 Description: The issue allows for the execution of arbitrary code when a crafted file is opened. This can be achieved, for example, via nodeRequire'child process'. Recommendations: For Yank Note YN version 3.52.1,...
CVE-2023-31874
CVE-2023-31874 affects Yank Note (YN) v3.52.1. The vulnerability allows execution of arbitrary code when opening a crafted file, driven by the app’s use of nodeRequire('child_process') in an Electron-based environment. Reported exploits/PoCs exist (e.g., PacketStorm/Exploit-DB materials), confirm...
Yank Note 3.52.1 Arbitrary Code Execution
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...
Yank Note 安全漏洞
Yank Note is a highly extensible Markdown editor by purocean individual developers in China. A security vulnerability exists in Yank Note v3.52.1, which allows users to execute arbitrary code by opening a specially crafted file...
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Vulnerability
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product & Service Introduction...
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...