EUVD-2021-34828

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an...

CVE-2021-47970

CVE-2021-47970 affects Macaron Notes 5.5. A denial-of-service via buffer overflow is triggered by creating a note containing a payload of approximately 350,000 repeated characters pasted into a note field, which crashes the application and stops functionality. The public documents confirm the vul...

EUVD-2021-34829

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash...

CVE-2021-47970

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash...

CVE-2021-47970 Macaron Notes 5.5 Denial of Service via Buffer Overflow

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash...

CVE-2021-47970 Macaron Notes 5.5 Denial of Service via Buffer Overflow

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash...

EUVD-2021-34826

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

CVE-2021-47969 Color Notes 1.4 Denial of Service via Long Character String

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

CVE-2021-47969

CVE-2021-47969 affects Color Notes 1.4. The vulnerability is a denial of service caused by pasting excessively long character strings into note fields, e.g., a payload of about 350,000 repeated characters pasted twice can make the application stop responding. The available data describe the impac...

CVE-2021-47969

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

PT-2026-41457

Name of the Vulnerable Software and Affected Versions My Notes Safe version 5.3 Description A denial of service issue allows attackers to crash the application by pasting excessively long character strings into note fields. This is triggered when a payload containing 350,000 repeated characters i...

My Notes Safe 安全漏洞

My Notes Safe is a security note-taking app developed by GuiWei, which supports encrypted note storage and privacy protection. Version 5.3 of My Notes Safe has a security vulnerability. This vulnerability stems from allowing attackers to inject excessively long strings into note fields, leading t...

WordPress plugin Sticky Notes Widget 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-41455

Name of the Vulnerable Software and Affected Versions Color Notes version 1.4 Description A denial of service issue allows attackers to crash the application by pasting excessively long character strings into note fields. Specifically, pasting a payload containing 350,000 repeated characters twic...

PT-2026-41458

Name of the Vulnerable Software and Affected Versions Sticky Notes & Color Widgets version 1.4.2 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. By pasting large payloads of repeated characters into note...

PT-2026-41459

Name of the Vulnerable Software and Affected Versions Sticky Notes Widget version 3.0.6 Description A denial of service issue allows attackers to crash the application on iOS devices. This occurs when excessively long character strings are pasted into note fields. Specifically, pasting a payload...

PT-2026-41456

Name of the Vulnerable Software and Affected Versions Macaron Notes version 5.5 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. An attacker can trigger the crash and stop functionality by pasting a payload...

CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...

EUVD-2026-30647

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/noteid endpoint lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating UUIDs. Th...

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWTSECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4...