27 matches found
CVE-2026-33976
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...
EUVD-2026-16874
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...
CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering
Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...
CVE-2026-33976
Notesnook stores attacker-controlled attributes from a source page into web-clip HTML during Web Clipper rendering. When a clip is later opened, Notesnook renders this HTML in a same-origin, unsandboxed iframe via contentDocument.write, allowing event-handler attributes (onload, onclick, onmouseo...
Notesnook Code Injection Vulnerability
Notesnook is an end-to-end encrypted note application developed by Streetwriters. There were code injection vulnerabilities in versions of Notesnook Web/Desktop prior to 3.3.11, as well as in versions for Android/iOS prior to 3.3.17. These vulnerabilities stemmed from a stored XSS vulnerability...
PT-2026-28580
Name of the Vulnerable Software and Affected Versions: Notesnook versions prior to 3.3.11 Web/Desktop; Notesnook versions prior to 3.3.17 Android/iOS. Description: Notesnook is a note-taking app. Prior to versions 3.3.11 Web/Desktop and 3.3.17 Android/iOS, a stored Cross-Site Scripting (XSS) issue exis...
EUVD-2019-4186
Malware in sbrugna...
CVE-2024-23745
In Notion Web Clipper 1.0.37, a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of...
Design/Logic Flaw
In Notion Web Clipper 1.0.37, a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of...
CVE-2024-23745
Notion Web Clipper 1.0.3(7) is affected by the Dirty NIB vulnerability: a manipulated .nib file can lead to arbitrary command execution within the app’s context. The root cause is described as incorrect caching of file signatures on macOS, and Gatekeeper may still allow execution even after NIB ...
Notion Web Clipper Command Injection Vulnerability
Notion is an application from Notion that integrates notes, knowledge base, data forms, Kanban, calendars, and many other capabilities into one application. A command injection vulnerability exists in Notion Web Clipper version 1.0.3, which stems from a NIB file that can be manipulated to execute...
PT-2024-20053 · Notion · Notion Web Clipper
Name of the Vulnerable Software and Affected Versions: Notion Web Clipper version 1.0.37 Description: The Notion Web Clipper is susceptible to the Dirty NIB attack, where .nib files can be manipulated to execute arbitrary commands. Even if a .nib file is modified within an application, Gatekeeper...