Enchant97 Note-mark
8 CVEs affecting Enchant97 Note-mark. Latest disclosed: 2026-05-14. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44523 | Critical | 10.0 | 2026-05-14 | Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The appli… |
CVE-2026-41571 | Critical | 9.4 | 2026-05-04 | Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") place… |
CVE-2026-40262 | High | 8.7 | 2026-04-16 | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-… |
CVE-2024-41819 | High | 8.7 | 2024-07-29 | Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts v… |
CVE-2026-40265 | Medium | 5.9 | 2026-04-16 | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is regis… |
CVE-2026-41572 | Medium | 5.3 | 2026-05-04 | Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets… |
CVE-2026-40263 | Low | 3.7 | 2026-04-16 | Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the suppl… |
CVE-2026-44522 | | 2026-05-14 | Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to not… |