CVE-2026-22810

CVE-2026-22810 affects Joplin prior to 3.5.7, via a path traversal vulnerability in the OneNote importer. The OneNote converter does not sanitize embedded file names when writing attachments, allowing file names containing ../../ to influence the target path and overwrite arbitrary files on disk....

@joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

PT-2023-4775 · Microsoft · Office Onenote

Name of the Vulnerable Software and Affected Versions: Microsoft OneNote affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. This allows...

Apache Tika Memory Overflow Vulnerability (CNVD-2020-33326)

Apache Tika is the United States Apache Apache Software Foundation, an integrated POI using Java programs to provide MicrosoftOffice format documents read and write functions of the open-source library, Pdfbox read and create PDF documents pure Java class library and for text extraction work to...

Update for Microsoft OneNote 2010 (KB2288640), 32-Bit Edition

Update for Microsoft OneNote 2010 KB2288640, 32-Bit Edition...