Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
14010.8%CRITICAL

Related CVEs

4
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-22810Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7.HIGH7.310.8%May 18, 2026
CVE-2022-40277Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.HIGH7.8Sep 30, 2022
CVE-2022-35131Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.CRITICAL9.0Jul 25, 2022
CVE-2021-23431The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.HIGH8.8Aug 24, 2021