Lucene search

3094 matches found

RedhatCVE
added 2025/02/09 10:29 p.m. · 7 views

CVE-2024-55630

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 5.5 · AI score 6.5 · EPSS 0.00313
Exploits 1 · References 1

NVD
added 2025/02/07 11:15 p.m. · 9 views

CVE-2024-55630

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 5.5 · EPSS 0.00313
Exploits 1 · References 3

Cvelist
added 2025/02/07 10:38 p.m. · 11 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

CVSS 7.8 · EPSS 0.00438
Exploits 1 · References 4

Vulnrichment
added 2025/02/07 10:38 p.m. · 12 views

CVE-2025-25187 Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's dangerouslySetInnerHTML, without first escaping HTML entities. Joplin lacks a...

CVSS 7.8 · AI score 7.8 · EPSS 0.00438
Exploits 1 · References 4

Cvelist
added 2025/02/07 10:23 p.m. · 10 views

CVE-2024-55630 DOM Clobbering leads to temporary DOS in the note viewer in Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the name attribute to be specified. If name is set to the same value as an existing document property e.g. querySelector, that propert...

CVSS 3.3 · EPSS 0.00313
Exploits 1 · References 3

CNNVD
added 2025/02/07 12:0 a.m. · 2 views

Joplin cross-site scripting vulnerability

Joplin is an open source notes and to-do list application by Laurent Cozic, an individual developer. Joplin suffers from a cross-site scripting vulnerability that stems from not escaping HTML entities when adding a note title and the lack of a strict Content-Security-Policy, resulting in the...

CVSS 7.8 · AI score 6.1 · EPSS 0.00438
Exploits 1 · References 5

RedhatCVE
added 2025/02/05 7:53 a.m. · 5 views

CVE-2024-41819

Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...

CVSS 8.7 · AI score 5.5 · EPSS 0.00777
Exploits 4 · References 1

OpenVAS
added 2025/01/30 12:0 a.m. · 11 views

openSUSE Security Advisory (SUSE-SU-2025:0281-1)

The remote host is missing an update for the...

CVSS 6.1 · AI score 6.7 · EPSS 0.0062
Exploits 0 · References 6

SUSE CVE
added 2025/01/10 12:19 a.m. · 2 views

SUSE CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 9.1 · AI score 7 · EPSS 0.00579
Exploits 1 · References 4

NVD
added 2025/01/03 5:15 p.m. · 14 views

CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 9.1 · EPSS 0.00579
Exploits 1 · References 2

Cvelist
added 2025/01/03 4:26 p.m. · 20 views

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 8.7 · EPSS 0.00579
Exploits 1 · References 2

Vulnrichment
added 2025/01/03 4:26 p.m. · 10 views

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 8.7 · AI score 6.5 · EPSS 0.00579
Exploits 1 · References 2

CVE
added 2025/01/03 4:26 p.m. · 113 views

CVE-2025-21609

CVE-2025-21609 affects SiYuan Note 3.1.18. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint, where an attacker can craft a payload to cause arbitrary file deletion on the server. The issue is addressed by commit d9887aeec1b27073bec66299a9a4181dc42969f3, with a fix e...

CVSS 9.1 · AI score 6.5 · EPSS 0.00579
Exploits 1 · References 2 · Affected Software 1

OSV
added 2025/01/03 4:26 p.m. · 8 views

CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS 8.7 · AI score 6.6 · EPSS 0.00579
Exploits 1 · References 4

OSV
added 2025/01/03 4:24 p.m. · 12 views

GHSA-8FX8-PFFW-W498 SiYuan has an arbitrary file deletion vulnerability

Summary: An arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on...

CVSS 8.7 · AI score 9.3 · EPSS 0.00579
Exploits 1 · References 4

Github Security Blog
added 2025/01/03 4:24 p.m. · 39 views

SiYuan has an arbitrary file deletion vulnerability

Summary: An arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on...

CVSS 9.1 · AI score 6.8 · EPSS 0.00579
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2025/01/03 12:0 a.m. · 3 views

PT-2025-4297 · Unknown +1 · Siyuan Note +1

Name of the Vulnerable Software and Affected Versions: SiYuan Note version 3.1.18 Description: SiYuan Note is self-hosted, open source personal knowledge management software. The software has an arbitrary file deletion vulnerability that exists in the POST /api/history/getDocHistoryContent...

CVSS 9.9 · AI score 6.7 · EPSS 0.75197
Exploits 5 · References 62

OSV
added 2025/01/01 5:58 a.m. · 2 views

BELL-CVE-2024-53189

Bulletin has no description...

CVSS 5.5 · AI score 7.2 · EPSS 0.00222
Exploits 0 · References 1

Circl
added 2024/12/20 7:55 p.m. · 3 views

GHSA-QMCW-H4F9-J3H3

creationtimestamp | type | source
---|---|---
2024-12-20 19:55:38+00:00 | seen | https://infosec.exchange/users/cve/statuses/113686907311266678...

AI score 7.2
Exploits 0 · References 1

NVD
added 2024/12/18 10:15 p.m. · 18 views

CVE-2024-55232

An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information...

CVSS 5.4 · EPSS 0.00355
Exploits 1 · References 1