Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration
6.1CVSS
6.3AI Score
0.001EPSS
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
5.5CVSS
5.4AI Score
0.0004EPSS