Skip to main content

Notable

3 CVEs product

Monthly

CVE-2022-29281 HIGH This Week

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Notable
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-26198 CRITICAL POC Act Now

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Notable
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-16608 CRITICAL POC Act Now

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Notable
NVD GitHub
CVSS 3.1
9.6
EPSS
4.3%
EPSS 1% CVSS 8.8
HIGH This Week

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Notable
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Notable
NVD GitHub
EPSS 4% CVSS 9.6
CRITICAL POC Act Now

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Notable
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy