CVE-2026-34600

CVE-2026-34600 affects Joplin (note-taking app). Versions

CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

EUVD-2017-16113

Malware in sbrugna...

EUVD-2022-4507

Malicious code in bioql PyPI...

CVE-2023-5791

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack...

SourceCodester Sticky Notes Cross-Site Scripting Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a cross-site scripting XSS vulnerability in the parameters noteTitle/noteContent in the file endpoint/add-note.php...

CVE-2023-4864

A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...

Joplin Vulnerable to Cross-site Scripting in Note Content

Joplin version prior to 1.0.90 contains a Cross-site Scripting XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

CVE-2018-19609

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified pageid, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL...

Joplin Cross-Site Scripting Vulnerability

Joplin is an open source document note-taking application based on the Markdown format. The program supports copying, marking and modification of text and so on. A cross-site scripting vulnerability exists in the Note content field in versions of Joplin prior to 1.0.90. A remote attacker can...

CVE-2018-1000534

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

Code injection

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content...

(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...