150 matches found
CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...
MAL-2024-8867 Malicious code in node-integration-test (npm)
Source: ghsa-malware (23d6de79c4bf861e69bfe8d180b460e32004ab2e37565da361ba8874d29c6a71). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-integration-test (npm)
Source: ghsa-malware (23d6de79c4bf861e69bfe8d180b460e32004ab2e37565da361ba8874d29c6a71). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Cross-site Scripting in Goanother Another_Redis_Desktop_Manager
Another Redis Desktop Manager PoC A Proof-Of-Concept for CVE-2...
PT-2024-24179 · Mintplex · Mintplex-Labs/Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions 1.2.0 through 1.4.1; mintplex-labs/anything-llm web application (affected versions not specified). Description: A Cross-Site Scripting (XSS) vulnerability exists in the application, affecting both the desktop and...
PT-2022-26038 · Unknown · Markdownify
Name of the Vulnerable Software and Affected Versions: Markdownify version 1.4.1. Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the...
Exploit for CVE-2022-30507
Description: remote code execution (RCE) by executing javascr...
MAL-2022-6221 Malicious code in sovryn-node-integration-tests (npm)
Source: ghsa-malware (a0d8a316d21d24dc79e10223d3c0b2e58efb32ba31dc62b9d09efedcc39a14d3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-25224
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...
GHSA-7FV9-M79R-J9X8 Electron vulnerable to remote command execution
Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not ha...
GHSA-JR64-PGGR-J8XJ Shiba vulnerable to XSS leading to code execution
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
Shiba vulnerable to XSS leading to code execution
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...
Zonetti Zonote cross-site scripting vulnerability
Zonetti Zonote is a JavaScript-based application by the individual developer Zonetti that provides Markdown-format note taking. A cross-site scripting vulnerability exists in zonote version 0.4.0 and prior versions, which allows remote code execution as the node...
CVE-2020-26157
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration...
CVE-2020-26158
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration...
Design/Logic Flaw
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration...
Design/Logic Flaw
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration...