CVE-2026-22810
- EPSS 0.21%
- Veröffentlicht 18.05.2026 20:23:57
- Zuletzt bearbeitet 02.06.2026 17:04:00
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote con...
CVE-2024-49362
- EPSS 1.04%
- Veröffentlicht 14.11.2024 18:15:19
- Zuletzt bearbeitet 07.05.2025 14:10:19
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization ...
CVE-2022-40277
- EPSS 0.49%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 19:15:47
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol ...
- EPSS 2.09%
- Veröffentlicht 25.07.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 07:10:47
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.
CVE-2021-23431
- EPSS 0.4%
- Veröffentlicht 24.08.2021 08:15:22
- Zuletzt bearbeitet 21.11.2024 05:51:44
The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.