3126 matches found
CVE-2024-41819
CVE-2024-41819 concerns Note Mark, a web-based Markdown notes app. The vulnerability is a stored XSS in the URL value of a link embedded in markdown content, allowing arbitrary web scripts to run when a user interacts with the rendered note. Affected versions are prior to 0.13.1; remediation is t...
CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute
Note Mark is a web-based Markdown notes app. A stored cross-site scripting XSS vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...
PT-2024-29585
Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.13.1 Description A stored cross-site scripting issue allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. Recommendations For...
Note Mark 安全漏洞
Note Mark is a web-based Markdown note-taking application from the individual developer Leo Spratt. A security vulnerability exists in Note Mark version 0.13.0 and prior versions. An attacker could exploit this vulnerability to execute arbitrary web script by injecting a specially crafted payload...
OPENSUSE-SU-2024:0226-1 Security update for gh
This update for gh fixes the following issues: Update to version 2.53.0: CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file boo1227035 Disable TestGetTrustedRoot/successfullyverifiesTUFroot test due to https://github.com/cli/cli/issues/8928 Rename...
owlwisemarketing.com.xx3.kz Cross Site Scripting vulnerability OBB-3947284
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-6387: Remote Unauthorized Code Execution Vulnerability in openSSH server (regreSSHion)
OpenSSH contains a remote code execution RCE vulnerability, exploitable by an unauthenticated attacker through a race condition. Successful exploitation can allow for the remote execution of arbitrary code. Note: This flaw has been demonstrated to be exploitable remotely on glibc-based Linux...
CVE-2024-39904
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
VNote Security Vulnerability
VNote is an open source cross-platform Markdown note-taking tool from VNote Open Source. A security vulnerability exists in VNote versions prior to 3.18.1, which stems from the presence of a code execution vulnerability that could allow an attacker to execute arbitrary programs on the victim's...
CVE-2023-39517
Joplin (note-taking app) has a documented XSS vulnerability (CVE-2023-39517) in affected versions where clicking an untrusted image link can execute shell commands. The HTML sanitizer in packages/renderer/htmlUtils.ts::sanitizeHtml preserves and links, but does not remove target or href attribu...
CVE-2023-45673
CVE-2023-45673 affects Joplin desktop prior to version 2.13.3. A remote code execution vulnerability arises when a user clicks a link in a PDF embedded in an untrusted note, because the app does not disable top redirection for note viewer iframes and node integration is enabled. Impact is executi...
CVE-2024-37675
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...
CVE-2024-27833
An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...
SUSE CVE-2021-26928
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD which may, for example, include Tigera products in some configurations, as well as products of other vendors may have been susceptible to route redirection for Denia...
MantisBT < 2.26.2 Multiple Vulnerabilities
According to its version number, the MantisBT application hosted on the remote web server is prior to 2.26.2. It is, therefore, affected by the following vulnerabilities : - Insufficient access control in the registration and password reset process allows an attacker to reset another user's...
CVE-2024-5157
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SAP Cloud Connector 2.16.1 Missing Validation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Tolerating Self-Signed Certificates product: SAP® Cloud Connector vulnerable version: 2.15.0 - 2.16.1 Portable and Installer fixed version: 2.16.2 Portable and Installer...