305 matches found
Joplin 3.3.3 Server - Privilege Escalation
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...
Joplin Plugin Persistence
This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin can not be running at the time of plugin installation, or it will be overwriten at shutdown. The...
CVE-2025-57798
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...
CVE-2026-34600
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
CVE-2026-22810
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
@joplin/plugin-repo-cli (>=2.2.3 <=3.6.3), @joplin/tools (>=2.2.3 <=3.6.3) +3 more potentially affected by CVE-2025-57798 via @joplin/lib (>=2.10.2 <=3.6.3)
@joplin/lib NPM version =2.10.2, =2.2.3, =2.2.3, =1.6.3, =2.0.0, =0.5.2, =0.17.1 Source cves: CVE-2025-57798 Source advisory: SNYK:JS-JOPLINLIB-16771369...
Allocation of Resources Without Limits or Throttling
Overview @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the title input. An attacker can cause the application to consume excessive memory and terminate unexpectedly by submitting an extremely long...
CVE-2026-34600
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
CVE-2026-34600
CVE-2026-34600 affects Joplin (note-taking app). Versions
CVE-2026-34600
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
CVE-2025-57798
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...
CVE-2025-57798
CVE-2025-57798 affects Joplin
CVE-2025-57798
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...
PT-2026-42012
Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.7.1 Description A Denial of Service DoS flaw exists in the title input functionality due to missing length validation. An attacker can trigger an Out Of Memory OOM error, leading to program termination, by inserting ...
Joplin 信息泄露漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.5.2 and earlier contained a vulnerability that led to information leakage. This vulnerability originated from a logical error in the delta API, allowing recipients of shared notes to download...
Joplin 安全漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.6.14 and earlier contained a security vulnerability. This vulnerability stemmed from insufficient length validation in the title input function, allowing attackers to exploit it by inserting...
CVE-2026-22810
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...
CVE-2026-22810 Joplin: Path traversal in OneNote importer allows overwriting arbitrary files
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...