CVE-2021-47970

CVE-2021-47970 affects Macaron Notes 5.5. A denial-of-service via buffer overflow is triggered by creating a note containing a payload of approximately 350,000 repeated characters pasted into a note field, which crashes the application and stops functionality. The public documents confirm the vul...

CVE-2021-47969 Color Notes 1.4 Denial of Service via Long Character String

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

EUVD-2021-34826

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

CVE-2021-47969

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

CVE-2021-47969

CVE-2021-47969 affects Color Notes 1.4. The vulnerability is a denial of service caused by pasting excessively long character strings into note fields, e.g., a payload of about 350,000 repeated characters pasted twice can make the application stop responding. The available data describe the impac...

PT-2026-41459

Name of the Vulnerable Software and Affected Versions Sticky Notes Widget version 3.0.6 Description A denial of service issue allows attackers to crash the application on iOS devices. This occurs when excessively long character strings are pasted into note fields. Specifically, pasting a payload...

My Notes Safe 安全漏洞

My Notes Safe is a security note-taking app developed by GuiWei, which supports encrypted note storage and privacy protection. Version 5.3 of My Notes Safe has a security vulnerability. This vulnerability stems from allowing attackers to inject excessively long strings into note fields, leading t...

WordPress plugin Sticky Notes Widget 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-41456

Name of the Vulnerable Software and Affected Versions Macaron Notes version 5.5 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. An attacker can trigger the crash and stop functionality by pasting a payload...

PT-2026-41457

Name of the Vulnerable Software and Affected Versions My Notes Safe version 5.3 Description A denial of service issue allows attackers to crash the application by pasting excessively long character strings into note fields. This is triggered when a payload containing 350,000 repeated characters i...

PT-2026-41455

Name of the Vulnerable Software and Affected Versions Color Notes version 1.4 Description A denial of service issue allows attackers to crash the application by pasting excessively long character strings into note fields. Specifically, pasting a payload containing 350,000 repeated characters twic...

PT-2026-41458

Name of the Vulnerable Software and Affected Versions Sticky Notes & Color Widgets version 1.4.2 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. By pasting large payloads of repeated characters into note...

CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...

EUVD-2026-30647

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...

@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

CVE-2026-7563 Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note and send_email_to_user_by_moderator AJAX Actions

The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

SAP NetWeaver AS ABAP OS Command Injection (3730019)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by an OS command injection vulnerability as referenced in SAP Security Note 3730019: - An OS command injection vulnerability exists in SAP NetWeaver Application Server for ABAP and ABAP Platform. An authenticated attacke...

SAP NetWeaver AS ABAP Reflected XSS (3728690)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a reflected cross-site scripting XSS vulnerability as referenced in SAP Security Note 3728690: - A reflected cross-site scripting XSS vulnerability exists in SAP NetWeaver Application Server ABAP Applications based on...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to insufficient enforcement of length and entropy requirements for the JWTSECRET configuration value. An attacker can gain unauthorized access to user accounts by forging authentication tokens using we...