4 matches found
CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...
PT-2026-23147
Name of the Vulnerable Software and Affected Versions Theater for WordPress versions prior to 0.19 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...
CVE-2025-69331 WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through = 0.19...
CVE-2024-12215
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...