12 matches found
CVE-2026-41572
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...
CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...
PT-2026-36891
Name of the Vulnerable Software and Affected Versions: Note Mark versions prior to 0.19.3. Description: An issue exists where notes and uploaded assets remain accessible after a public book is soft-deleted. Unauthenticated users with the note ID or slug path can access data via the endpoints...
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
Exploit for SQL Injection in Layer5 Meshery
Vulnerability Report CVE-2021-31856: a SQL injection in Mesh...
SQL Injection
GORM is vulnerable to SQL injection attacks. The attacks are possible because the library does not properly check for incomplete parentheses, allowing remote attackers to inject and execute arbitrary SQL...
GORM SQL Injection Vulnerability
GORM is a Golang ORM library. A SQL injection vulnerability exists in GORM versions prior to 1.9.10. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via incomplete parentheses...
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
SQL injection
DISPUTED: GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
CVE-2019-15562
CVE-2019-15562 affects GORM (Go ORM) prior to 1.9.10, where SQL injection can occur via incomplete parentheses. Public sources consistently describe a vulnerability in how untrusted input is integrated into SQL fragments (the issue is in the application behavior, not GORM itself). In Red Hat, CNV...