3094 matches found

Positive Technologies
added 2023/06/01 12:0 a.m. · 2 views

PT-2023-22624 · Unknown · Guangdong Pythagorean Oa Office System

Name of the Vulnerable Software and Affected Versions: Guangdong Pythagorean OA Office System versions up to 4.50.31 Description: A vulnerability has been found in the Guangdong Pythagorean OA Office System, affecting unknown code of the file /note/index/delete. The manipulation of the id argumen...

CVSS 8.8 · AI score 5.1 · EPSS 0.00437
Exploits: 1 · References: 6

CNNVD
added 2023/06/01 12:0 a.m. · 2 views

Guangdong Pythagorean OA Office System cross-site request forgery vulnerability

Guangdong Pythagorean OA Office System (Gougu OA) is a practical open-source enterprise office system from China's gouguopen. A cross-site request forgery vulnerability exists in Guangdong Pythagorean OA Office System versions prior to 4.50.31. The vulnerability stems from the...

CVSS 8.8 · AI score 5.6 · EPSS 0.00437
Exploits: 1 · References: 4

OSV
added 2023/05/29 12:15 a.m. · 10 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS 8.8 · AI score 6 · EPSS 0.04898
Exploits: 3 · References: 1

ATTACKERKB
added 2023/05/29 12:15 a.m. · 0 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS 8.8 · AI score 6.2 · EPSS 0.04898
Exploits: 3 · References: 2

NVD
added 2023/05/29 12:15 a.m. · 9 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS 8.8 · AI score 8.8 · EPSS 0.04898
Exploits: 3 · References: 1

Prion
added 2023/05/29 12:15 a.m. · 18 views

Code injection

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

CVSS 6.5 · AI score 8.8 · EPSS 0.04898
Exploits: 3 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/05/28 12:0 a.m. · 8 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

AI score 8.8 · EPSS 0.04898
Exploits: 3 · References: 1

Positive Technologies
added 2023/05/28 12:0 a.m. · 3 views

PT-2023-23501 · Yank Note · Yank Note

Name of the Vulnerable Software and Affected Versions: Yank Note YN version 3.52.1 Description: The issue allows for the execution of arbitrary code when a crafted file is opened. This can be achieved, for example, via nodeRequire('child_process'). Recommendations: For Yank Note YN version 3.52.1,...

CVSS 8.8 · AI score 7.6 · EPSS 0.04898
Exploits: 3 · References: 3

CVE
added 2023/05/28 12:0 a.m. · 48 views

CVE-2023-31874

CVE-2023-31874 affects Yank Note (YN) v3.52.1. The vulnerability allows execution of arbitrary code when opening a crafted file, driven by the app’s use of nodeRequire('child_process') in an Electron-based environment. Reported exploits/PoCs exist (e.g., PacketStorm/Exploit-DB materials), confirm...

CVSS 8.8 · AI score 8.8 · EPSS 0.04898
Exploits: 3 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/28 12:0 a.m. · 13 views

CVE-2023-31874

Yank Note YN 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process')...

AI score 9 · EPSS 0.04898
Exploits: 3 · References: 1

NVD
added 2023/05/27 4:15 a.m. · 16 views

CVE-2023-33188

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 6.3 · AI score 6.1 · EPSS 0.00333
Exploits: 0 · References: 1

Prion
added 2023/05/27 4:15 a.m. · 12 views

Design/Logic Flaw

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated,...

CVSS 1.9 · AI score 5.3 · EPSS 0.00333
Exploits: 0 · References: 1 · Affected Software: 1

Malwarebytes
added 2023/05/24 2:45 p.m. · 26 views

Rheinmetall attacked by BlackBasta ransomware

On Friday May 19, 2023, the German arms producer Rheinmetall acknowledged a cyber-incident at one of its subsidiaries in the private sector. The BlackBasta ransomware group has already claimed responsibility for the attack through its leak-site. Entry for Rheinmetall on BlackBasta leak site...

AI score 7
Exploits: 0

OSV
added 2023/05/24 11:15 a.m. · 2 views

CVE-2023-2865

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file printticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate...

CVSS 9.8 · AI score 6.5
Exploits: 0 · References: 3

Packet Storm
added 2023/05/24 12:0 a.m. · 336 views

Yank Note 3.52.1 Arbitrary Code Execution

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...

AI score 7.1 · EPSS 0.04898
Exploits: 3

Exploit DB
added 2023/05/23 12:0 a.m. · 263 views

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...

CVSS 8.8 · AI score 8.9 · EPSS 0.04898
Exploits: 3

0day.today
added 2023/05/23 12:0 a.m. · 173 views

Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Vulnerability

Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product & Service Introduction...

CVSS 8.8 · AI score 8.8 · EPSS 0.04898
Exploits: 3

CNNVD
added 2023/05/23 12:0 a.m. · 19 views

Yank Note security vulnerability

Yank Note is a highly extensible Markdown editor developed by purocean, an individual developer in China. A security vulnerability exists in Yank Note v3.52.1, which allows users to execute arbitrary code by opening a specially crafted file...

CVSS 8.8 · AI score 8.4 · EPSS 0.04898
Exploits: 3 · References: 5

Malwarebytes
added 2023/05/17 2:0 a.m. · 12 views

Leaked Babuk ransomware builder code lives on as RA Group

The bones of long gone ransomware group Babuk continue to rattle in the breeze, in the form of reused code. Researchers from Cisco Talos have named this new team the "RA Group", a ransomware collective which may have only been up and running since last month. Babuk famously threatened to leak law...

AI score 6.9
Exploits: 0

ATTACKERKB
added 2023/05/12 5:15 a.m. · 1 views

CVE-2022-34461

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

AI score 5.9
Exploits: 0 · References: 1