CVE-2026-44553 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSIONPOOL to disconnect affected sessions. As a result, a user whose admin role has been revoked retains admin...

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

CVE-2026-23482

Blinko (AI-powered card note-taking project) before version 1.8.4 exposes a file server endpoint that does not enforce permission checks on the temp/ path and does not filter path traversal sequences. This allows unauthenticated attackers to read arbitrary files on the server. When scheduled back...

CVE-2025-12071

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

CVE-2025-12071

The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funpajaxmodifynotes' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

WordPress plugin Frontend User Notes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20218

Name of the Vulnerable Software and Affected Versions Frontend User Notes plugin for WordPress versions up to and including 2.1.0 Description The Frontend User Notes plugin for WordPress contains a flaw that allows authenticated attackers with Subscriber-level access or higher to modify notes tha...

WordPress Frontend User Notes plugin <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Note Modification vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Frontend User Notes versions = 2.1.0...

EUVD-2025-31268

Malicious code in bioql PyPI...

CVE-2025-60136

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin User Notes versions = 1.0.2...

CVE-2025-60136

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

CVE-2025-60136

CVE-2025-60136 is a Stored XSS vulnerability in WordPress plugin User Notes (versions up to 1.0.2). It arises from improper input neutralization during web page generation. The CVSS 3.1 score is 5.9 (Medium) with vector AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L; exploit requires high privileges and use...

CVE-2025-60136 WordPress User Notes plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through = 1.0.2...

PT-2025-39579

Name of the Vulnerable Software and Affected Versions cartpauj User Notes versions through 1.0.2 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to inje...

WordPress plugin User Notes 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...

GHSA-GHX2-6V4G-9WMM usememos/memos makes Incorrect Use of Privileged APIs

In usememos/memos 0.9.0 and prior, a user with login permission can delete all notes of the whole application via API DELETE https://demo.usememos.com/api/memo/$idnote. The vulnerability will lose all user notes data throughout the system, causing damage to user data...

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...