
69 matches found

Source: NVD (added 2026/03/23 9:17 p.m., 5 views)

CVE-2026-23481

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

CVSS 6.5 | EPSS 0.00375 | Exploits 0 | References 3
Source: EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2024-52828

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.5 | EPSS 0.00313 | Exploits 1 | References 3
Source: EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2024-50521

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00749 | Exploits 1 | References 1
Source: EUVD (added 2025/10/03 8:07 p.m., 5 views)

EUVD-2025-4077

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.5 | EPSS 0.00438 | Exploits 1 | References 4
Source: EUVD (added 2025/10/03 8:07 p.m., 8 views)

EUVD-2025-30836

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.00159 | Exploits 0 | References 2
Source: EUVD (added 2025/10/03 8:07 p.m., 15 views)

EUVD-2024-2620

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.3 | EPSS 0.00607 | Exploits 1 | References 6
Source: EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2023-43653

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.0048 | Exploits 0 | References 3
Source: EUVD (added 2025/10/03 8:07 p.m., 2 views)

EUVD-2024-38554

Malicious code in bioql PyPI...

CVSS 9.6 | AI score 6.6 | EPSS 0.00748 | Exploits 1 | References 2
Source: RedhatCVE (added 2025/05/23 7:13 a.m., 9 views)

CVE-2024-53268

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows...

CVSS 8.8 | AI score 7.7 | EPSS 0.00749 | Exploits 1 | References 1
Source: RedhatCVE (added 2025/02/09 10:29 p.m., 8 views)

CVE-2024-55630

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 5.5 | AI score 6.5 | EPSS 0.00313 | Exploits 1 | References 1
Source: Vulnrichment (added 2025/02/07 10:38 p.m., 13 views)

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

CVSS 7.8 | AI score 7.8 | EPSS 0.00438 | Exploits 1 | References 4
Source: NVD (added 2024/11/25 8:15 p.m., 20 views)

CVE-2024-53268

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows...

CVSS 8.8 | EPSS 0.00749 | Exploits 1 | References 1
Source: CVE (added 2024/11/25 7:22 p.m., 63 views)

CVE-2024-53268

CVE-2024-53268 affects Joplin where openExternal is used without URI scheme filtering, enabling remote code execution on Windows environments. Affected versions are exposed through this weakness; the remediation is to upgrade to Joplin 3.0.3 or later. Some connected sources indicate a proof-of-concept exists...

CVSS 8.8 | AI score 7.3 | EPSS 0.00749 | Exploits 1 | References 1 | Affected Software 1
Source: NVD (added 2024/09/09 3:15 p.m., 24 views)

CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | EPSS 0.00748 | Exploits 1 | References 2
Source: OSV (added 2024/09/09 2:28 p.m., 15 views)

CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

CVSS 9.6 | AI score 6.3 | EPSS 0.00748 | Exploits 1 | References 4
Source: CVE (added 2024/09/09 2:28 p.m., 58 views)

CVE-2024-40643

Summary: CVE-2024-40643 affects Joplin via a parsing error that fails to properly handle “

CVSS 9.6 | AI score 9.1 | EPSS 0.00748 | Exploits 1 | References 2 | Affected Software 1
Source: OSV (added 2024/08/20 7:54 p.m., 27 views)

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | AI score 6.3 | EPSS 0.00607 | Exploits 1 | References 5
Source: Cvelist (added 2024/08/20 7:54 p.m., 64 views)

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | EPSS 0.00607 | Exploits 1 | References 3
Source: Talos (added 2024/08/19 12:00 a.m., 26 views)

Microsoft OneNote for macOS library injection vulnerability

Talos Vulnerability Report TALOS-2024-1975: Microsoft OneNote for macOS library injection vulnerability (August 19, 2024). CVE Number: CVE-2024-41159. Summary: A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access...

CVSS 7.1 | AI score 6.7 | EPSS 0.00818 | Exploits 1
Source: Github Security Blog (added 2024/08/05 9:29 p.m., 16 views)

memos vulnerable to Server-Side Request Forgery and Cross-site Scripting

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

CVSS 6.1 | AI score 5.9 | EPSS 0.0108 | Exploits 1 | References 5 | Affected Software 1