22 matches found
Note Mark Security Vulnerability
Note Mark is a web-based Markdown note-taking application developed by Leo Spratt. Versions of Note Mark prior to 0.19.1 contained a security vulnerability. This vulnerability stemmed from the login endpoint only performing bcrypt password verification when a username was provided. This allowed...
CVE-2026-40265 Note Mark has Broken Access Control on Asset Download
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/noteID/assets/assetID is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who knows...
CVE-2026-40263
The connected PT Security disclosures confirm CVE-2026-40263 corresponds to a Username Enumeration flaw via the login endpoint in Note Mark. Affected component is the login/authentication flow; the underlying issue is CWE-208 (Username Enumeration). PT notes that Note Mark versions prior to 0.19....
CVE-2026-40263 Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...
CVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the makerjs.extendObject function copies properties from source objects without proper validation, potentially exposing applications to security risks. The function lacks...
Maker.js security vulnerabilities
Maker.js is a two-dimensional vector drawing and shape modeling tool open-sourced by Microsoft. Versions of Maker.js prior to 0.19.1 contain security vulnerabilities. These vulnerabilities stem from the makerjs.extendObject function, which lacks proper validation when copying object properties...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the Vector.ReadFrom function. An attacker can cause excessive memory allocation and application crashes by providing maliciously crafted input data containing large length fields. This can result in denial of...
EUVD-2018-12922
Malware in sbrugna...
EUVD-2024-0411
Malicious code in bioql PyPI...
SUSE CVE-2025-54409
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...
PT-2024-2630 · Cloudflare · Cloudflare Quiche
Name of the Vulnerable Software and Affected Versions: Cloudflare Quiche versions 0.19.1 through 0.20.0 Description: The issue is related to an unlimited resource allocation vulnerability, causing a rapid increase in memory usage of the system running the quiche server or client. A remote attacke...
Lemmy Authorization Issues Vulnerability
Lemmy is open source free software for building social news aggregators and web forums. An authorization vulnerability exists in Lemmy versions 0.17.0 through versions prior to 0.19.1, which stems from the fact that any authenticated user can gain access to arbitrary private message...
SUSE CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference...
UBUNTU-CVE-2018-5817
A type confusion error within the "unpacked_load_raw" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop...
LibRaw 'raw2image' function null pointer dereference vulnerability
LibRaw is a C++ library developed by the LibRaw team for processing RAW images in CRW/CR2, NEF, RAF, DNG and other formats. A null pointer dereference vulnerability exists in the 'raw2image' function of the libraw_cxx.cpp file in LibRaw version 0.19.1. An attacker can exploit this vulnerability to...
LibRaw stack buffer overflow vulnerability (CNVD-2018-26473)
LibRaw is a C++ library developed by the LibRaw team for processing RAW images in CRW/CR2, NEF, RAF, DNG and other formats. A stack-based buffer overflow vulnerability exists in the 'parse_makernote' function of the dcraw_common.cpp file in LibRaw version 0.19.1. An attacker can exploit this...
LibRaw 'copy_bayer' function null pointer dereference vulnerability
LibRaw is a C++ library developed by the LibRaw team for processing RAW images in CRW/CR2, NEF, RAF, DNG and other formats. A null pointer dereference vulnerability exists in the 'copy_bayer' function of the libraw_cxx.cpp file in LibRaw version 0.19.1. An attacker can exploit this vulnerability to...
UBUNTU-CVE-2018-20364
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference...
UBUNTU-CVE-2018-20363
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference...