CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

7.8CVSS7.6AI score0.00593EPSS

Exploits1References6

Positive Technologies•added 2025/02/07 12:0 a.m.•2 views

PT-2025-6012 · React +1 · React +1

Name of the Vulnerable Software and Affected Versions: Joplin versions prior to 3.1.24 Description: This issue is caused by Joplin adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a...

7.8CVSS7.7AI score0.00593EPSS

Exploits1References9

Huntr•added 2023/03/24 4:23 a.m.•26 views

XSS to RCE found in Trilium

Vulnerability Type Remote Code Execution RCE Authentication Required? No Affected Location - Search Notes Search Ancestor Output - Jump to Note Search Note Output - New Tab Search Notes Output Issue Summary The application contains a vulnerability where HTML characters within the title name of...

6.2AI score

Exploits0References1

Huntr•added 2023/03/23 7:22 a.m.•21 views

Zero-Click Remote Code Execution

Vulnerability Type Remote Code Execution Affected URL http://127.0.0.1/?anyparameter= Affected Parameter Arbitrary GET parameter Authentication Required? No Issue Summary Multiple vulnerabilities discovered in Appium-Desktop that can be chained together to achieve Zero Click Remote Code Execution...

7.5CVSS7.3AI score0.92729EPSS

Exploits2

OSV•added 2022/10/19 7:0 p.m.•17 views

GHSA-C942-MFMP-P4FH Markdownify subject to Remote Code Execution via malicious markdown file

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled. There are currently no patched versions and n...

7.8CVSS7.8AI score0.00077EPSS

Exploits1References3

Github Security Blog•added 2022/10/19 7:0 p.m.•13 views

Markdownify subject to Remote Code Execution via malicious markdown file

7.8CVSS7.9AI score0.00077EPSS

Exploits1References4Affected Software1

OSV•added 2022/10/19 5:15 p.m.•12 views

CVE-2022-41709

7.8CVSS7.9AI score

Exploits0References2

NVD•added 2022/10/19 5:15 p.m.•9 views

CVE-2022-41709

7.8CVSS0.00077EPSS

Exploits1References2

Prion•added 2022/10/19 5:15 p.m.•9 views

Code injection

4.4CVSS7.8AI score0.00077EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/10/19 12:0 a.m.•2 views

PT-2022-26038 · Unknown · Markdownify

Name of the Vulnerable Software and Affected Versions: Markdownify version 1.4.1 Description: The issue allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the...

7.8CVSS7.8AI score0.00077EPSS

Exploits1References5

Vulnrichment•added 2022/10/19 12:0 a.m.•3 views

CVE-2022-41709

8AI score0.00077EPSS

Exploits1References2

Cvelist•added 2022/10/19 12:0 a.m.•9 views

CVE-2022-41709

8AI score0.00077EPSS

Exploits1References2

OSV•added 2022/09/30 5:15 p.m.•8 views

CVE-2022-40274

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled...

7.8CVSS7.7AI score

Exploits0References2

Prion•added 2022/09/30 5:15 p.m.•9 views

Code injection

4.4CVSS7.9AI score0.0025EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by