
CVE-2024-0849 – Leanote 2.7.0 - Local File Read
https://notcve.org/view.php?id=CVE-2024-0849
07 Feb 2024 — Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. • https://fluidattacks.com/advisories/alesso • CWE-20: Improper Input Validation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-73: External Control of File Name or Path

CVE-2017-1000492
https://notcve.org/view.php?id=CVE-2017-1000492
03 Jan 2018 — Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')