📦 Joplin
by Joplin Project
⚠️ Known Vulnerabilities
CVE-2022-23340 is a critical remote code execution vulnerability in Joplin note-taking software. Attackers can execute arbitrary system commands by injecting malicious code into search results, affect...
This privilege escalation vulnerability in Joplin server allows non-admin users to modify their own user accounts via the PATCH /api/users/:id endpoint to set the is_admin field to 1, granting themsel...
This is a cross-site scripting (XSS) vulnerability in Joplin's Rich Text Editor caused by differences between Joplin's HTML sanitizer and browser comment handling. Attackers can execute arbitrary Java...
This vulnerability in Joplin allows attackers to execute arbitrary code on a user's system by injecting malicious JavaScript into note titles. Users who receive notes from untrusted sources and use Ct...
This vulnerability in the Joplin note-taking app allows attackers to achieve remote code execution on Windows systems by exploiting unfiltered URI schemes in the openExternal function. All Joplin users on...
The Joplin desktop application has a remote code execution vulnerability where clicking malicious links in untrusted notes can execute arbitrary shell commands. This affects all Joplin desktop users who o...
The Joplin note-taking application has a cross-site scripting (XSS) vulnerability where pasting untrusted HTML into the rich text editor can execute arbitrary JavaScript. This JavaScript can access NodeJS...
This vulnerability in the Joplin note-taking application allows remote code execution when users click on links within PDFs attached to untrusted notes. Attackers can execute arbitrary shell commands on t...