Vulnerabilidades em enchant97
8 resultadosCVE-2024-41819HIGHNote Mark has a stored XSS in the note link href attributeEPSS 0.8%CVE-2026-44522HIGHNote Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code ExecutionEPSS 0.5%CVE-2026-40265MEDIUMNote Mark has Broken Access Control on Asset DownloadEPSS 0.4%CVE-2026-40262HIGHNote Mark has Stored XSS via Unrestricted Asset UploadEPSS 0.3%CVE-2026-41571CRITICALNote Mark: OIDC-registered users authenticated by submitting password "null"EPSS 0.3%CVE-2026-40263LOWNote Mark: Username Enumeration via Login Endpoint Timing Side-ChannelEPSS 0.2%CVE-2026-41572MEDIUMNote Mark: Unauthenticated read of notes and assets in soft-deleted public booksEPSS 0.2%CVE-2026-44523CRITICALNote Mark: JWT Secret Weakness allows Full Account Takeover via token forgeryEPSS 0.1%