69 matches found
CVE-2026-23481
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
EUVD-2024-52828
Malicious code in bioql PyPI...
EUVD-2024-50521
Malicious code in bioql PyPI...
EUVD-2025-4077
Malicious code in bioql PyPI...
EUVD-2025-30836
Malicious code in bioql PyPI...
EUVD-2024-2620
Malicious code in bioql PyPI...
EUVD-2023-43653
Malicious code in bioql PyPI...
EUVD-2024-38554
Malicious code in bioql PyPI...
CVE-2024-53268
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows...
CVE-2024-55630
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...
CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...
CVE-2024-53268
CVE-2024-53268 affects Joplin where openExternal is used without URI scheme filtering, enabling remote code execution on Windows environments. Affected versions are exposed through this weakness; the remediation is to upgrade to Joplin 3.0.3 or later. Some connected sources indicate a proof-of-concept exists...
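The two CVE-2024-53268 entries above describe the same root cause: a link is handed to Electron's shell.openExternal() without checking its scheme, so on Windows any registered protocol handler can be launched. The following is an added example of the missing check, not Joplin's own code; the allowlist contents, the function names and the stubbed shell object are this example's assumptions.

```javascript
// Added example (not Joplin's code): allowlist the URI scheme before handing
// a link to Electron's shell.openExternal(). The allowlist below is this
// example's own choice; a real application adds only the schemes it needs.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Returns the normalised URL string if it is safe to pass to openExternal,
// or null if it must be refused. Anything that is not a parseable absolute
// URL, or whose scheme is not on the allowlist, is refused; this covers
// file:, javascript:, and Windows protocol handlers (ms-msdt: and the like)
// that openExternal would otherwise dispatch to the registered application.
function safeExternalUrl(raw) {
  if (typeof raw !== 'string') return null;
  let url;
  try {
    url = new URL(raw.trim());
  } catch (e) {
    return null; // relative or malformed input is not an external link
  }
  // URL.protocol is lower-cased by the parser, so 'JavaScript:' is caught too.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  // Refuse userinfo: 'https://evil.example@trusted.example/' reads as trusted.
  if (url.username || url.password) return null;
  return url.href;
}

// Where the guard sits: `shell` is Electron's shell module, passed in here
// (stubbed in tests) so the example runs outside Electron.
function openLink(shell, raw) {
  const target = safeExternalUrl(raw);
  if (target === null) return false;
  shell.openExternal(target);
  return true;
}
```

Note that the check runs on the parsed URL, not on a string prefix: a prefix test such as `raw.startsWith('http')` would still let through scheme tricks that the WHATWG parser normalises away.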
CVE-2024-40643
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to do an XSS by putting an "illegal" tag within a tag...
CVE-2024-40643 Joplin has a parsing error leading to Cross-site Scripting (XSS)
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such it is possible to do an XSS by putting an "illegal" tag within a tag...
CVE-2024-40643
Summary: CVE-2024-40643 affects Joplin via a parsing error that fails to properly handle “
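The CVE-2024-40643 entries describe a parser differential: the HTML tokenizer treats "<" as the start of markup only when the next character is a letter, "/", "!" or "?", and a sanitizer that assumes every "<" opens a tag sees different tag boundaries than the browser does. The following is an added example, not Joplin's code and not the advisory's proof of concept, that puts the spec rule beside the naive rule on a constructed input so the differing views can be compared.

```javascript
// Added example (not Joplin's code): the HTML "tag open state" rule beside a
// naive rule a sanitizer might assume. Per the HTML tokenizer, '<' starts
// markup only when followed by an ASCII letter (start tag), '/' (end tag),
// '!' (comment or doctype) or '?' (bogus comment); any other '<' is text.
function isMarkupStart(s, i) {
  if (s[i] !== '<') return false;
  const next = s[i + 1];
  if (next === undefined) return false;
  return /[A-Za-z!\/?]/.test(next);
}

// Naive rule: every '<' opens a tag. A sanitizer built on this rule and the
// browser that finally renders the text disagree about where tags are.
function isMarkupStartNaive(s, i) {
  return s[i] === '<';
}

// List the tags a given rule would see. A tag runs from its '<' to the next
// '>' (enough for this illustration; real tokenizers also handle quoted
// attribute values containing '>').
function tagsSeen(s, rule) {
  const tags = [];
  for (let i = 0; i < s.length; i++) {
    if (!rule(s, i)) continue;
    const end = s.indexOf('>', i);
    if (end === -1) break;
    tags.push(s.slice(i, end + 1));
    i = end;
  }
  return tags;
}

// Constructed sample (not from the advisory): a literal '<3' ahead of a real
// element. The naive view swallows '<em>' inside a bogus tag and never sees
// it as an element; the browser sees '<em>' and '</em>'.
const SAMPLE = 'a <3 b <em>c</em>';

function compareViews(s = SAMPLE) {
  return {
    browser: tagsSeen(s, isMarkupStart),
    naive: tagsSeen(s, isMarkupStartNaive),
  };
}
```

Whatever the sanitizer fails to see as an element passes through unfiltered, which is why a sanitizer has to tokenize exactly as the rendering engine does (or be run on the browser's own DOM after parsing) rather than on its own approximation of the grammar.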
CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
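The memos CORS entry describes the classic pattern: the request's Origin is reflected into Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true, which lets any site the victim visits make credentialed requests and read the responses. The following is an added example, not memos' own code (memos is written in Go; the logic is shown here in JavaScript as plain functions over header values), contrasting the reflecting handler with an exact-match allowlist and simulating the browser's read decision. The allowlist contents and function names are this example's assumptions.

```javascript
// Added example (not memos' code): reflecting CORS handler beside an
// allowlisting one. Headers are returned as plain objects so the logic can
// be checked without a running server.

// Vulnerable pattern: whatever Origin the browser sends is echoed back, and
// credentials are allowed, so any site can make the victim's browser send
// its session cookie and read the response.
function corsHeadersReflecting(origin) {
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Fixed pattern: only an exact, pre-configured origin is allowed with
// credentials. Comparison is exact string equality on the whole origin
// (scheme, host, port); prefix or regex matching is a known bypass.
// 'Vary: Origin' keeps shared caches from serving one origin's response
// to another.
function corsHeadersAllowlisted(origin, allowedOrigins) {
  if (!origin || !allowedOrigins.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Simulate the browser's decision: a cross-origin fetch with credentials is
// readable only if ACAO equals the requesting origin (never '*') and ACAC is
// exactly 'true'.
function browserCanReadWithCredentials(requestingOrigin, headers) {
  return headers['Access-Control-Allow-Origin'] === requestingOrigin &&
         headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed origins for the comparison (not from the advisory).
const TRUSTED_ORIGIN = 'https://notes.example';
const ATTACKER_ORIGIN = 'https://attacker.example';
const ALLOWED = new Set([TRUSTED_ORIGIN]);

function attackerCanRead(handler) {
  return browserCanReadWithCredentials(ATTACKER_ORIGIN, handler(ATTACKER_ORIGIN));
}
```

Run as `attackerCanRead(corsHeadersReflecting)` versus `attackerCanRead(o => corsHeadersAllowlisted(o, ALLOWED))`: the first is true, the second false, while the trusted origin is still readable through the allowlisted handler.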
Microsoft OneNote for macOS library injection vulnerability
Talos Vulnerability Report TALOS-2024-1975 (Microsoft OneNote for macOS library injection vulnerability), August 19, 2024. CVE Number: CVE-2024-41159. SUMMARY: A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access...
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...
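The memos SSRF entry has two parts: the image endpoint fetches any URL it is given, so it can be pointed at internal hosts, and it copies the upstream body into its own response, so a non-image body becomes cross-site scripting under the service's origin. The following is an added example, not memos' own code (memos is written in Go; the checks are shown here in JavaScript), of the two guards a practitioner would put in front of such an endpoint: refusing fetch targets that resolve to internal addresses, and relaying the upstream body only when it is an image. The address ranges, function names and the convention of passing the already-resolved IP in as a parameter are this example's assumptions.

```javascript
// Added example (not memos' code): guards for an image-proxy endpoint.
// 1) Refuse targets resolving to internal addresses, so the endpoint cannot
//    be used to scan the internal network.
// 2) Relay the upstream body only when it is a raster image, so attacker-
//    controlled HTML never reaches the user's browser under our origin.

// Parse a dotted-quad IPv4 address into octets; null if not IPv4.
function parseIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every(o => o <= 255) ? octets : null;
}

// True for unspecified, loopback, RFC 1918, CGNAT (100.64/10), link-local
// (which includes cloud metadata at 169.254.169.254) and multicast/reserved
// ranges. IPv6 is accepted only as an IPv4-mapped address; any other IPv6 or
// unparseable input is treated as internal (deny by default).
function isInternalAddress(ip) {
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip);
  if (mapped) return isInternalAddress(mapped[1]);
  const o = parseIPv4(ip);
  if (!o) return true;
  const [a, b] = o;
  return a === 0 || a === 10 || a === 127 ||
    (a === 100 && b >= 64 && b <= 127) ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    a >= 224;
}

// The caller resolves the hostname once (e.g. with Node's dns.lookup) and
// must connect to exactly the address it validated; re-resolving at connect
// time lets a DNS rebinding between check and connect defeat the check.
// resolvedIp is a parameter so this example runs offline.
function isAllowedImageTarget(rawUrl, resolvedIp) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.username || url.password) return false;
  return !isInternalAddress(resolvedIp);
}

// Decide whether an upstream response may be copied into ours. Only raster
// image types are relayed; image/svg+xml is excluded because SVG can carry
// script, and text/html is exactly the case that turns SSRF into XSS.
function mayRelayAsImage(upstreamContentType) {
  const type = String(upstreamContentType || '').split(';')[0].trim().toLowerCase();
  return /^image\/(png|jpeg|gif|webp|avif)$/.test(type);
}
```

When the body is relayed, the response should also carry `X-Content-Type-Options: nosniff` and the validated image Content-Type, so the browser cannot reinterpret the bytes as something else.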