CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/20 7:5 p.m.•5 views

EUVD-2026-31156

Cvelist•added 2026/05/20 7:5 p.m.•25 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

8.6CVSS0.00072EPSS

Vulnrichment•added 2026/05/20 7:5 p.m.•3 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

ATTACKERKB•added 2026/05/20 7:5 p.m.•3 views

CVE-2026-39310

Exploits0References3Affected Software1

CVE•added 2026/05/20 7:5 p.m.•6 views

CVE-2026-39310

Trilium Notes Desktop (Electron) prior to 0.102.2 suffers an authentication bypass in the Clipper API. In versions 0.102.1 and earlier (Desktop v0.101.3), Trilium disables authentication middleware for the Clipper API when running in Electron, exposing endpoints such as /api/clipper/notes to the ...

Positive Technologies•added 2026/05/20 12:0 a.m.•7 views

PT-2026-42224

CNNVD•added 2026/05/20 12:0 a.m.•3 views

Exploits0References3

Trilium Notes 访问控制错误漏洞

Trilium Notes is a hierarchical note application developed by Zadam’s individual developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained an access control vulnerability. This vulnerability stemmed from the Clipper API completely...

The Hacker News•added 2026/04/09 12:57 p.m.•7 views

Exploits0References1

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

8.8CVSS7.5AI score0.93EPSS

Exploits13

Securelist•added 2026/04/01 6:0 a.m.•1 views

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...

6.2AI score

Exploits0

RedhatCVE•added 2026/03/28 11:9 p.m.•3 views

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

NVD•added 2026/03/27 10:16 p.m.•1 views

CVE-2026-33976

9.6CVSS0.00074EPSS

EUVD•added 2026/03/27 9:26 p.m.•1 views

EUVD-2026-16874

Cvelist•added 2026/03/27 9:26 p.m.•18 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

9.6CVSS0.00074EPSS

CVE•added 2026/03/27 9:26 p.m.•9 views

CVE-2026-33976

Notesnook stores attacker-controlled attributes from a source page into web-clip HTML during Web Clipper rendering. When a clip is later opened, Notesnook renders this HTML in a same-origin, unsandboxed iframe via contentDocument.write, allowing event-handler attributes (onload, onclick, onmouseo...

Exploits1References1Affected Software2

OSV•added 2026/03/27 9:26 p.m.•1 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Vulnrichment•added 2026/03/27 9:26 p.m.•1 views

Exploits1References3

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

ATTACKERKB•added 2026/03/27 9:26 p.m.•1 views

CVE-2026-33976

Exploits1References2Affected Software2

CNNVD•added 2026/03/27 12:0 a.m.•2 views

Notesnook 代码注入漏洞

Notesnook is an end-to-end encrypted note application developed by Streetwriters. There were code injection vulnerabilities in versions of Notesnook Web/Desktop prior to 3.3.11, as well as in versions for Android/iOS prior to 3.3.17. These vulnerabilities stemmed from a stored-xss vulnerability...