Page 276 of 45564 results (0.071 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. ... As such, the `onload` attribute of pasted images can execute arbitrary code. • https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. ... Una vulnerabilidad de ejecución remota de código (RCE) en las versiones afectadas permite hacer clic en un enlace en un PDF en una nota que no es de confianza para ejecutar comandos de shell arbitrarios. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0

An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. •