Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.6 views

CVE-2026-40262

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

8.7CVSS5.7AI score0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:51 p.m.3 views

CVE-2026-40262

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

8.7CVSS5.8AI score0.00309EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/16 11:51 p.m.27 views

CVE-2026-40262 Note Mark has Stored XSS via Unrestricted Asset Upload

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

8.7CVSS0.00309EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.13 views

CVE-2026-33172

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

8.7CVSS5.7AI score0.00325EPSS
Exploits0References1
Rows per page
Query Builder