Lucene search
+L

30 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-38030

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00421EPSS
Exploits0References2
nessus
nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-35133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References2
osv
osv
added 2024/06/15 12:0 a.m.2 views

OPENSUSE-SU-2024:12330-1 cherrytree-0.99.49+3-1.1 on GA media

These are all security issues fixed in the cherrytree-0.99.49+3-1.1 package on the GA media of openSUSE Tumbleweed...

6.1CVSS6.4AI score0.00421EPSS
Exploits0References1
openvas
openvas
added 2024/04/05 12:0 a.m.17 views

Mageia: Security Advisory (MGASA-2024-0074)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7.2AI score0.00421EPSS
Exploits0References3
mageia
mageia
added 2024/03/20 3:35 a.m.60 views

Updated cherrytree packages fix security vulnerability

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...

6.1CVSS5.8AI score0.00421EPSS
Exploits0References1
osv
osv
added 2024/03/20 3:35 a.m.7 views

MGASA-2024-0074 Updated cherrytree packages fix security vulnerability

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. CVE-2022-35133...

6.1CVSS5.6AI score0.00421EPSS
Exploits0References2
hivepro
hivepro
added 2024/02/01 6:30 a.m.18 views

CherryTree Impostor Dubbed CherryLoader Makes Its Move

Summary: CherryLoader, a new Go-based downloader, has surfaced in cyber attacks, masquerading as the legitimate CherryTree note-taking app. This sophisticated threat infiltrates compromised hosts, delivering malicious payloads such as privilege escalation tools for exploitation and persistent...

7.5AI score
Exploits0
thn
thn
added 2024/01/25 7:21 a.m.30 views

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name...

7.6AI score
Exploits0
nessus
nessus
added 2022/12/05 12:0 a.m.18 views

openSUSE 15 Security Update : cherrytree (openSUSE-SU-2022:10230-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:10230-1 advisory. - A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS6AI score0.00421EPSS
Exploits0References4
osv
osv
added 2022/12/04 9:1 a.m.3 views

OPENSUSE-SU-2022:10230-1 Security update for cherrytree

cherrytree was updated to version 0.99.49+3: Legacycanonicalizefilename: manage empty filename, ghgiuspen/cherrytree2118 added command line option '--anchor AnchorName' that in addition to existing '--node NodeName' allows to open a document focusing an anchor in a node. Changed non configurable...

6.1CVSS6.4AI score0.00421EPSS
Exploits0References3
opensuse
opensuse
added 2022/12/04 12:0 a.m.5 views

Security update for cherrytree (moderate)

openSUSE Security Update: Security update for cherrytree Announcement ID: openSUSE-SU-2022:10230-1 Rating: moderate References: 1202513 Cross-References: CVE-2022-35133 CVSS scores: CVE-2022-35133 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports...

6.1CVSS6.6AI score0.00421EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/08/17 9:15 p.m.3 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS6AI score0.00421EPSS
Exploits0References2
nvd
nvd
added 2022/08/17 9:15 p.m.27 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS0.00421EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2022/08/17 9:15 p.m.31 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References2
prion
prion
added 2022/08/17 9:15 p.m.15 views

Cross site scripting

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

5.8CVSS5.9AI score0.00421EPSS
Exploits0References1Affected Software1
osv
osv
added 2022/08/17 9:15 p.m.5 views

UBUNTU-CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References3
debiancve
debiancve
added 2022/08/17 8:38 p.m.54 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS5.9AI score0.00421EPSS
Exploits0
osv
osv
added 2022/08/17 8:38 p.m.18 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS5.7AI score0.00421EPSS
Exploits0References3
cve
cve
added 2022/08/17 8:38 p.m.70 views

CVE-2022-35133

CVE-2022-35133 : A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Name field when creating a node. Public records include multiple advisories indicating a fix in newer releases; OpenSUSE/Mageia...

6.1CVSS5.8AI score0.00421EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2022/08/17 12:0 a.m.2 views

PT-2022-22591 · Unknown · Cherrytree

Name of the Vulnerable Software and Affected Versions: CherryTree version 0.99.30 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. Recommendations: For...

6.1CVSS5.9AI score0.00421EPSS
Exploits0References14
Rows per page
Query Builder