Lucene search
K

3126 matches found

CVE
CVE
added 2024/07/29 4:3 p.m.67 views

CVE-2024-41819

CVE-2024-41819 concerns Note Mark, a web-based Markdown notes app. The vulnerability is a stored XSS in the URL value of a link embedded in markdown content, allowing arbitrary web scripts to run when a user interacts with the rendered note. Affected versions are prior to 0.13.1; remediation is t...

8.7CVSS7.5AI score0.00777EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/29 4:3 p.m.26 views

CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute

Note Mark is a web-based Markdown notes app. A stored cross-site scripting XSS vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...

8.7CVSS7.5AI score0.00777EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.7 views

PT-2024-29585

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.13.1 Description A stored cross-site scripting issue allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. Recommendations For...

8.7CVSS7.4AI score0.00777EPSS
Exploits4References6
CNNVD
CNNVD
added 2024/07/29 12:0 a.m.5 views

Note Mark 安全漏洞

Note Mark is a web-based Markdown note-taking application from the individual developer Leo Spratt. A security vulnerability exists in Note Mark version 0.13.0 and prior versions. An attacker could exploit this vulnerability to execute arbitrary web script by injecting a specially crafted payload...

8.7CVSS8.3AI score0.00777EPSS
Exploits4References3
OSV
OSV
added 2024/07/27 4:1 a.m.9 views

OPENSUSE-SU-2024:0226-1 Security update for gh

This update for gh fixes the following issues: Update to version 2.53.0: CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file boo1227035 Disable TestGetTrustedRoot/successfullyverifiesTUFroot test due to https://github.com/cli/cli/issues/8928 Rename...

6CVSS6.6AI score0.00358EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2024/07/18 7:52 a.m.7 views

owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Broadcom
Broadcom
added 2024/07/15 12:0 a.m.88 views

CVE-2024-6387: Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)

OpenSSH contains a remote code execution RCE vulnerability, exploitable by an unauthenticated attacker through a race condition. Successful exploitation can allow for the remote execution of arbitrary code. Note: This flaw has been demonstrated to be exploitable remotely on glibc-based Linux...

8.1CVSS8.4AI score0.99506EPSS
Exploits68
NVD
NVD
added 2024/07/11 4:15 p.m.27 views

CVE-2024-39904

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8CVSS0.00657EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/11 3:37 p.m.10 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8CVSS7.5AI score0.00657EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/11 3:37 p.m.39 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8CVSS0.00657EPSS
Exploits0References2
OSV
OSV
added 2024/07/11 3:37 p.m.18 views

CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote

VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...

8.8CVSS7.6AI score0.00657EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.5 views

VNote Security Vulnerability

VNote is an open source cross-platform Markdown note-taking tool from VNote Open Source. A security vulnerability exists in VNote versions prior to 3.18.1, which stems from the presence of a code execution vulnerability that could allow an attacker to execute arbitrary programs on the victim's...

8.8CVSS7.8AI score0.00657EPSS
Exploits0References3
CVE
CVE
added 2024/06/21 7:41 p.m.52 views

CVE-2023-39517

Joplin (note-taking app) has a documented XSS vulnerability (CVE-2023-39517) in affected versions where clicking an untrusted image link can execute shell commands. The HTML sanitizer in packages/renderer/htmlUtils.ts::sanitizeHtml preserves and links, but does not remove target or href attribu...

8.2CVSS6.5AI score0.00476EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/06/21 7:38 p.m.49 views

CVE-2023-45673

CVE-2023-45673 affects Joplin desktop prior to version 2.13.3. A remote code execution vulnerability arises when a user clicks a link in a PDF embedded in an untrusted note, because the app does not disable top redirection for note viewer iframes and node integration is enabled. Impact is executi...

9CVSS9.2AI score0.01028EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/06/21 5:15 p.m.74 views

CVE-2024-37675

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...

5.4CVSS0.00602EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/06/10 9:15 p.m.19 views

CVE-2024-27833

An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

8.8CVSS7.2AI score0.00819EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/04 12:59 p.m.4 views

SUSE CVE-2021-26928

BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD which may, for example, include Tigera products in some configurations, as well as products of other vendors may have been susceptible to route redirection for Denia...

6.8CVSS7AI score0.01008EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/05/27 12:0 a.m.28 views

MantisBT < 2.26.2 Multiple Vulnerabilities

According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities : - Insufficient access control in the registration and password reset process allows an attacker to reset another user's...

7.3CVSS6.7AI score0.01186EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2024/05/22 12:0 a.m.43 views

CVE-2024-5157

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.6AI score0.00772EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2024/05/15 12:0 a.m.585 views

SAP Cloud Connector 2.16.1 Missing Validation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Tolerating Self-Signed Certificates product: SAP® Cloud Connector vulnerable version: 2.15.0 - 2.16.1 Portable and Installer fixed version: 2.16.2 Portable and Installer...

7.4CVSS7.1AI score0.00544EPSS
Exploits1
Rows per page
Query Builder