VYPR

Notable

by notable

CVEs (3)

  • CVE-2022-26198CriMar 27, 2022
    risk 0.64cvss 9.8epss 0.02

    Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.

  • CVE-2020-16608CriDec 10, 2020
    risk 0.63cvss 9.6epss 0.04

    Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

  • CVE-2022-29281HigApr 15, 2022
    risk 0.57cvss 8.8epss 0.01

    Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an…