8 matches found

RedhatCVE
added 2025/05/23 3:28 a.m.

CVE-2023-37298

Joplin before 2.11.5 allows XSS via a USE element in an SVG document...

CVSS 6.1 · AI score 5.7 · EPSS 0.00352
Exploits 0 · References 1
Positive Technologies
added 2025/04/30 12:00 a.m.

PT-2025-18288 · Joplin · Joplin

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.3.3
Description: A privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/:id to set the is_admin field to 1. This issue allows maliciou...

CVSS 8.8 · AI score 6.4 · EPSS 0.13424
Exploits 1 · References 11
RedhatCVE
added 2025/02/09 10:29 p.m.

CVE-2025-24028

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Tex...

CVSS 9.6 · AI score 5.8 · EPSS 0.00342
Exploits 1 · References 1
Positive Technologies
added 2024/11/25 12:00 a.m.

PT-2024-35703 · Joplin · Joplin

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.0.3
Description: The issue allows attackers to abuse the lack of filtering of URI schemes in the openExternal function to obtain remote code execution in Windows environments. There are no known workarounds for this...

CVSS 8.8 · AI score 7.2 · EPSS 0.03029
Exploits 1 · References 6
OSV
added 2024/06/21 7:43 p.m.

CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin

Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...

CVSS 8.2 · AI score 6.5 · EPSS 0.00468
Exploits 1 · References 3
Positive Technologies
added 2024/06/21 12:00 a.m.

PT-2024-13269 · Joplin · Joplin

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 2.13.3
Description: A remote code execution issue in Joplin allows arbitrary shell commands to be executed when a user clicks on a link in a PDF within an untrusted note. This occurs because Joplin desktop has not...

CVSS 9 · AI score 7.5 · EPSS 0.02962
Exploits 1 · References 6
Github Security Blog
added 2022/05/24 7:09 p.m.

Joplin vulnerable to Cross-site Scripting in notes

Joplin before 2.0.9 allows Cross-site Scripting via button and form in the note body...

CVSS 6.1 · AI score 6.5 · EPSS 0.00358
Exploits 0 · References 4 · Affected Software 1
OSV
added 2020/10/13 5:29 p.m.

GHSA-6R7X-HC8M-985R Cross-site Scripting in Joplin

Joplin through 1.0.184 allows Arbitrary File Read via Cross-site Scripting (XSS)...

CVSS 5.4 · AI score 5.4 · EPSS 0.01362
Exploits 5 · References 5