CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

@qaios/runner (>=0.1.0 <=0.1.3), @web-desktop-environment/development-edition-server (>=0.0.4 <=2.0.0-alpha.11) +1 more potentially affected by CVE-2025-47269 via code-server (>=3.12.0 <=4.5.1)

code-server NPM version =3.12.0, =0.1.0, =0.0.4, =1.0.1, =2.0.0-alpha.11 Source cves: CVE-2025-47269 Source advisory: OSV:GHSA-P483-WPFP-42CJ...

@web-desktop-environment/development-edition-server (>=0.0.4 <=1.0.2), @web-desktop-environment/pack-dev (>=1.0.1 <=1.0.2) potentially affected by CVE-2023-26114 via code-server (>=3.12.0 <=3.9.3)

code-server NPM version =3.12.0, =0.0.4, =1.0.1, =1.0.2 Source cves: CVE-2023-26114 Source advisory: OSV:GHSA-FRJG-G767-7363...

Matrix clients -- several vulnerabilities

Matrix developers report: Today we are releasing security updates to libolm, matrix-js-sdk, and several clients including Element Web / Desktop. Users are encouraged to upgrade as soon as possible. These releases mitigate a buffer overflow in olmsessiondescribe, a libolm debugging function used b...

BlackBerry Enterprise Server Web Desktop Manager XSS (KB26296)

The version of BlackBerry Enterprise Server on the remote host reportedly contains a cross-site scripting vulnerability in its Web Desktop Manager component. An attacker may be able to leverage this issue to execute arbitrary script code in the browser of an authenticated user in the context of t...

CVE-2011-0286

CVE-2011-0286 is an XSS vulnerability in the BlackBerry Web Desktop Manager component of BlackBerry BES/BES Express (versions before 5.0.2 MR5, 5.0.3 before MR1, and 5.0.1–5.0.2 for BES Express). The issue arises from the displayErrorMessage parameter in the ManageDevices action, allowing remote ...

Groupmax World Wide Web Desktop Cross-Site Scripting Vulnerability

Overview Groupmax World Wide Web Desktop is vulnerable to cross-site scripting. Impact A remote attacker could execute arbitrary scripts on the affected system. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...

CVE-2006-1574

Technical details about CVE-2006-1574 are not publicly available in the provided connected documents; monitor for updates.