Lucene search
+L

9 matches found

osv
osv
added 2026/06/25 6:26 p.m.6 views

GO-2026-5085 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books in github.com/enchant97/note-mark/backend...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References4
nvd
nvd
added 2026/05/04 6:16 p.m.7 views

CVE-2026-41572

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS0.00194EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/04 5:44 p.m.57 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS0.00194EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/04 5:44 p.m.6 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.7AI score0.00194EPSS
Exploits0References2
cve
cve
added 2026/05/04 5:44 p.m.19 views

CVE-2026-41572

Note Mark (project: Note Mark) contains an authenticated/un-authenticated access flaw prior to version 0.19.3 where, after a public book is soft-deleted, notes and uploaded assets remain readable via /api/notes/{id}, /api/notes/{id}/content, the slug path, and asset endpoints. Root cause: GORM’s ...

5.3CVSS5.7AI score0.00194EPSS
Exploits0References2
osv
osv
added 2026/05/04 5:44 p.m.3 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References4
snyk
snyk
added 2026/04/25 11:40 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the GetNoteByID function. An attacker can access notes and assets from soft-deleted public books by directly querying endpoints with known note IDs or slug paths, even after the book has been deleted. This...

6.9CVSS5.7AI score0.00194EPSS
Exploits0References2
osv
osv
added 2026/04/25 11:40 p.m.6 views

GHSA-3GR9-485J-V4XF Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References5
github
github
added 2026/04/25 11:40 p.m.23 views

Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Summary After a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ID or the slug path retain access. GORM's soft-delete scope does not...

5.3CVSS5.8AI score0.00194EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder