3094 matches found

CNNVD
added 2024/07/11 12:00 a.m., 4 views

VNote Security Vulnerability

VNote is an open source cross-platform Markdown note-taking tool from VNote Open Source. A security vulnerability exists in VNote versions prior to 3.18.1, which stems from the presence of a code execution vulnerability that could allow an attacker to execute arbitrary programs on the victim's...

CVSS 8.8, AI score 7.8, EPSS 0.00657
Exploits: 0, References: 3
CVE
added 2024/06/21 7:41 p.m., 50 views

CVE-2023-39517

Joplin (note-taking app) has a documented XSS vulnerability (CVE-2023-39517) in affected versions where clicking an untrusted image link can execute shell commands. The HTML sanitizer in packages/renderer/htmlUtils.ts::sanitizeHtml preserves and links, but does not remove target or href attribu...

CVSS 8.2, AI score 6.5, EPSS 0.00476
Exploits: 1, References: 3, Affected Software: 1
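The Joplin entry above (CVE-2023-39517) turns on which attributes a sanitizer lets through on a link. The following is an added illustration, not Joplin's sanitizeHtml nor any other Joplin code: a small allow-list sanitizer that keeps only a fixed set of tags and attributes, so "target" and every on* handler are dropped because they are not listed, and rejects href/src values whose scheme is not http, https or mailto, so a note cannot carry a file: or javascript: link. The allow-lists, function names and the sample note are assumptions made for this example.

```python
"""Allow-list HTML sanitizer for note content.

Added example, not Joplin's sanitizeHtml: the allow-lists and names below
are assumptions chosen for illustration.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"a", "p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "img", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}  # no target, no on*
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br", "img"}
DROP_WITH_CONTENT = {"script", "style"}  # element and its text are both removed


def safe_url(value: str) -> bool:
    """Allow relative URLs and http(s)/mailto; reject javascript:, file:, data:, ...

    Control characters are removed first because browsers ignore them inside a
    scheme, so "java<TAB>script:" would otherwise slip past the scheme check.
    """
    cleaned = "".join(ch for ch in value if ch.isprintable()).strip()
    scheme = urlsplit(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class NoteSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.skip_depth = 0  # > 0 while inside a dropped element such as <script>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped, its text content is kept
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops target, onclick, onerror, style, ...
            if name in URL_ATTRS and not safe_url(value):
                continue  # drops javascript:/file:/data: links and images
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # re-escape decoded text


def sanitize_html(html: str) -> str:
    parser = NoteSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample note: a javascript: link with target, a file: image with
# an onerror handler, and an inline script.
UNTRUSTED_NOTE = (
    '<p>Click <a href="javascript:alert(1)" target="_top" onclick="x()">here</a> '
    'or <a href="https://example.com/" target="_blank">there</a>.</p>'
    '<img src="file:///etc/passwd" onerror="alert(2)" alt="x">'
    '<script>evil()</script>'
)

if __name__ == "__main__":
    print(sanitize_html(UNTRUSTED_NOTE))
```

The check is an allow-list in both directions: anything not named in ALLOWED_TAGS or ALLOWED_ATTRS disappears, and a URL attribute survives only when its scheme is known-safe, which is the property the Joplin fix restores.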
CVE
added 2024/06/21 7:38 p.m., 47 views

CVE-2023-45673

CVE-2023-45673 affects Joplin desktop prior to version 2.13.3. A remote code execution vulnerability arises when a user clicks a link in a PDF embedded in an untrusted note, because the app does not disable top redirection for note viewer iframes and node integration is enabled. Impact is executi...

CVSS 9, AI score 9.2, EPSS 0.01028
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2024/06/21 5:15 p.m., 36 views

CVE-2024-37675

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...

CVSS 5.4, EPSS 0.00602
Exploits: 1, References: 3
UbuntuCve
added 2024/06/10 9:15 p.m., 11 views

CVE-2024-27833

An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

CVSS 8.8, AI score 7.2, EPSS 0.00819
Exploits: 0, References: 2
SUSE CVE
added 2024/06/04 12:59 p.m., 2 views

SUSE CVE-2021-26928

BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may include, for example, Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denia...

CVSS 6.8, AI score 7, EPSS 0.01008
Exploits: 1, References: 3
Tenable Nessus
added 2024/05/27 12:00 a.m., 27 views

MantisBT < 2.26.2 Multiple Vulnerabilities

According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities : - Insufficient access control in the registration and password reset process allows an attacker to reset another user's...

CVSS 7.3, AI score 6.7, EPSS 0.01186
Exploits: 1, References: 6
UbuntuCve
added 2024/05/22 12:00 a.m., 42 views

CVE-2024-5157

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.6, EPSS 0.00772
Exploits: 1, References: 1
Packet Storm
added 2024/05/15 12:00 a.m., 577 views

SAP Cloud Connector 2.16.1 Missing Validation

SEC Consult Vulnerability Lab Security Advisory
=======================================================================
title: Tolerating Self-Signed Certificates
product: SAP® Cloud Connector
vulnerable version: 2.15.0 - 2.16.1 Portable and Installer
fixed version: 2.16.2 Portable and Installer...

CVSS 7.4, AI score 7.1, EPSS 0.00544
Exploits: 1
Positive Technologies
added 2024/05/13 12:00 a.m., 2 views

PT-2024-25691

Name of the Vulnerable Software and Affected Versions MantisBT versions prior to 2.26.2 Description The issue affects MantisBT, an open source issue tracker, where an issue referencing a note from another issue that the user does not have access to becomes hyperlinked. Although clicking the link...

CVSS 5.3, AI score 5.3, EPSS 0.00698
Exploits: 0, References: 11
Cvelist
added 2024/05/06 12:00 a.m., 18 views

CVE-2024-30973

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc...

AI score 6.9, EPSS 0.00944
Exploits: 0, References: 1
CNNVD
added 2024/04/24 12:00 a.m., 4 views

Apple iOS and iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to 17.3 and iPadOS prior to 17.3, which arises from the contents of a...

CVSS 4.3, AI score 6.4, EPSS 0.00347
Exploits: 0, References: 3
OSV
added 2024/04/19 3:14 p.m., 26 views

CVE-2024-29029 memos vulnerable to an SSRF in /o/get/image

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image endpoint that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

CVSS 6.1, AI score 5.9, EPSS 0.0108
Exploits: 1, References: 5
CVE
added 2024/04/19 3:14 p.m., 98 views

CVE-2024-29029

Memos: CVE-2024-29029 describes an SSRF flaw at the /o/get/image endpoint in memos 0.13.2 that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is echoed into the current server response, enabling a reflected XSS. The vulnerab...

CVSS 6.1, AI score 6, EPSS 0.0108
In the wild; Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2024/04/19 3:14 p.m., 30 views

CVE-2024-29028 memos vulnerable to an SSRF in /o/get/httpmeta

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta endpoint that allows unauthenticated users to enumerate the internal network and receive limited HTML values in JSON form. This vulnerability is fixed in 0.16.1...

CVSS 5.8, AI score 5.7, EPSS 0.01049
Exploits: 1, References: 2
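The three memos entries above (CVE-2024-29029 at /o/get/image and CVE-2024-29028 at /o/get/httpmeta) describe the same shape of bug: an unauthenticated endpoint fetches a caller-chosen URL, which lets the caller probe the internal network, and in the image case the fetched body is copied into the server's own response, which turns the proxy into a reflected XSS. The block below is an added example and is not memos code: a guard that validates the target URL (scheme, port, no credentials), resolves the host name and refuses if any answer is loopback, private, link-local, IPv4-mapped or otherwise non-public, returns a pinned IP so the fetch cannot be redirected by a second DNS answer, and a relay policy that only echoes image media types with nosniff and a CSP sandbox. The allow-lists, the function names and the offline DNS answers are assumptions made for the example.

```python
"""SSRF guard for an endpoint that fetches a user-supplied URL and relays the body.

Added example, not memos code: the allow-lists, the resolver interface and the
constructed DNS answers below are assumptions made for illustration.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
ALLOWED_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}


def system_resolver(host: str) -> list:
    """Every address the host resolves to (A and AAAA), not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    """Reject loopback, RFC 1918, link-local (169.254.169.254 metadata), etc."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_fetch_target(url: str, resolve: Resolver = system_resolver) -> str:
    """Validate the URL and return the single IP the caller should connect to.

    Pinning the returned IP (and sending the original host name as Host/SNI)
    closes the DNS-rebinding window between this check and the fetch. Any
    redirect the upstream server returns must go through this check again.
    Raises ValueError for anything that could reach the internal network.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # bare IP literal, no DNS needed
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise ValueError(f"no address for host {host!r}")
    for ip in addrs:  # one internal answer among several is enough to refuse
        if not is_public_address(ip):
            raise ValueError(f"host {host!r} resolves to non-public address {ip}")
    return addrs[0]


def is_fetchable(url: str, resolve: Resolver = system_resolver) -> bool:
    try:
        check_fetch_target(url, resolve)
        return True
    except ValueError:
        return False


def relay_headers(upstream_content_type: str) -> Optional[dict]:
    """Headers to send when echoing a fetched body, or None to refuse.

    Copying an arbitrary upstream body into our own response is how a proxy
    becomes a reflected XSS: only image types are relayed, the browser is told
    not to sniff, and a CSP sandbox keeps any embedded markup inert.
    """
    media = upstream_content_type.split(";", 1)[0].strip().lower()
    if media not in ALLOWED_IMAGE_TYPES:
        return None
    return {"Content-Type": media,
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "sandbox; default-src 'none'"}


# Constructed DNS answers so the example runs offline (not real records).
FAKE_DNS = {
    "img.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal
    "meta.example.com": ["::ffff:169.254.169.254"],       # mapped metadata address
}


def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in ("https://img.example.com/logo.png", "http://rebind.example.com/",
                      "http://meta.example.com/", "http://[::1]:80/", "http://10.0.0.1/"):
        print(candidate, "->", is_fetchable(candidate, fake_resolver))
```

Two design points matter more than the range list: every DNS answer is checked rather than the first one, and the caller connects to the returned IP rather than re-resolving, so a name that answers differently on the second lookup gains nothing. The relay side is what separates an SSRF from an SSRF-plus-XSS: the upstream body is never forwarded as HTML.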
OSV
added 2024/04/18 5:58 a.m., 1 view

BELL-CVE-2024-26903

Bulletin has no description...

CVSS 5.5, AI score 7.2, EPSS 0.00279
Exploits: 0, References: 1
Oracle
added 2024/04/16 12:00 a.m., 351 views

Oracle Critical Patch Update Advisory - April 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVSS 10, AI score 9, EPSS 0.99999
Exploits: 238, Affected Software: 124
BDU FSTEC
added 2024/04/15 12:00 a.m., 3 views

The vulnerability of the Jenkins automation server arises from improper handling of input during the creation of web pages. This allows attackers to carry out attacks using XSS techniques, with the ability to manipulate files in the working areas.

The vulnerability of the Jenkins automation server relates to the absence of a protection mechanism for the value of the “caption” parameter in the ExpandableDetailsNote configuration. Exploiting this vulnerability allows an attacker to carry out attacks using XSS techniques, with the ability to...

CVSS 5.5, AI score 6.5, EPSS 0.00883
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2024/04/10 9:15 p.m., 3 views

CVE-2024-26362

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note...

CVSS 8.8, AI score 6, EPSS 0.00573
Exploits: 0, References: 1
NVD
added 2024/04/10 9:15 p.m., 10 views

CVE-2024-26362

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note...

CVSS 8.8, AI score 7, EPSS 0.00573
Exploits: 0, References: 1