25 matches found
EUVD-2026-31001
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...
GHSA-J6W6-986J-2M2M Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipulation
Summary: An application-wide Cross-Site Request Forgery (CSRF) vulnerability was found in Open WebUI's image uploading functionality. An attacker can set an image URL to a malicious endpoint, allowing them to perform actions on behalf of a victim user. Any authenticated user can exploit this...
GHSA-JX2X-J75F-XQ3J Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)
Summary: The POST /api/v1/notes/id/pin endpoint performs a write operation, toggling the ispinned field, but only checks for read permission. Users with read-only access to a shared note can pin/unpin it, which is a state-modifying action that should require write permission. All other write endpoin...
PT-2026-41170
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.3. Description: An application-wide Cross-Site Request Forgery (CSRF) issue exists in the image uploading functionality. An attacker can set an image URL to a malicious endpoint, causing any authenticated user who...
SAMSUNG Notes Information Disclosure Vulnerability
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes has an information disclosure vulnerability that can be exploited by an attacker to access shared notes...
CVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes...
CVE-2025-55200
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
CVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes...
EUVD-2025-33676
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes...
CVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes...
CVE-2025-21057
CVE-2025-21057 affects Samsung Notes with vulnerable versions prior to 4.4.30.63. The root cause is use of implicit intents for sensitive communication, enabling a local attacker to access shared notes. The issue is documented across multiple sources (NVD, RH, CNVD, and PT Security) confirming th...
CVE-2025-21057
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes...
PT-2025-41517
Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.4.30.63. Description: A flaw exists in Samsung Notes due to the use of implicit intents for sensitive communication. This allows a local attacker to access shared notes. Recommendations: Update Samsung Notes to...
SAMSUNG Notes Security Vulnerability
SAMSUNG Notes is a software application from Samsung South Korea. It is used to provide a record function. SAMSUNG Notes has an information disclosure vulnerability that can be exploited by an attacker to access shared notes...
CVE-2025-55200
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
EUVD-2025-33584
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
CVE-2025-55200 BigBlueButton vulnerable to Stored XSS via name of user at Shared Notes
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
CVE-2025-55200 BigBlueButton vulnerable to Stored XSS via name of user at Shared Notes
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
CVE-2025-55200 BigBlueButton vulnerable to Stored XSS via name of user at Shared Notes
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared Notes" page, when a user with a malicious...
CVE-2025-55200
BigBlueButton has a Stored XSS vulnerability in the Shared Notes feature prior to version 3.0.13. The issue arises from unsafely handling the Username field, allowing a low-privilege user to inject arbitrary JavaScript that can execute in the context of higher-privileged users (e.g., Admins) who ...