CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/20 7:5 p.m.•8 views

EUVD-2026-31156

CVE•added 2026/05/20 7:5 p.m.•11 views

CVE-2026-39310

Trilium Notes Desktop (Electron) prior to 0.102.2 suffers an authentication bypass in the Clipper API. In versions 0.102.1 and earlier (Desktop v0.101.3), Trilium disables authentication middleware for the Clipper API when running in Electron, exposing endpoints such as /api/clipper/notes to the ...

Cvelist•added 2026/05/20 7:5 p.m.•30 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

8.6CVSS0.00391EPSS

Vulnrichment•added 2026/05/20 7:5 p.m.•5 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

ATTACKERKB•added 2026/05/20 7:5 p.m.•5 views

CVE-2026-39310

Exploits0References3Affected Software1

CNNVD•added 2026/05/20 12:0 a.m.•6 views

Trilium Notes 访问控制错误漏洞

Trilium Notes is a hierarchical note application developed by Zadam’s individual developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained an access control vulnerability. This vulnerability stemmed from the Clipper API completely...

Positive Technologies•added 2026/05/20 12:0 a.m.•9 views

Exploits0References1

PT-2026-42224

The Hacker News•added 2026/04/09 12:57 p.m.•10 views

Exploits0References3

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

8.8CVSS7.5AI score0.9631EPSS

Exploits14

Securelist•added 2026/04/01 6:0 a.m.•4 views

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...

6.2AI score

Exploits0

RedhatCVE•added 2026/03/28 11:9 p.m.•6 views

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

NVD•added 2026/03/27 10:16 p.m.•4 views

CVE-2026-33976

9.6CVSS0.00706EPSS

Cvelist•added 2026/03/27 9:26 p.m.•20 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

9.6CVSS0.00706EPSS

EUVD•added 2026/03/27 9:26 p.m.•2 views

EUVD-2026-16874

CVE•added 2026/03/27 9:26 p.m.•17 views

CVE-2026-33976

Notesnook stores attacker-controlled attributes from a source page into web-clip HTML during Web Clipper rendering. When a clip is later opened, Notesnook renders this HTML in a same-origin, unsandboxed iframe via contentDocument.write, allowing event-handler attributes (onload, onclick, onmouseo...

Exploits1References1Affected Software2

ATTACKERKB•added 2026/03/27 9:26 p.m.•4 views

CVE-2026-33976

Exploits1References2Affected Software2

Vulnrichment•added 2026/03/27 9:26 p.m.•6 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering