| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44523 | critical | 10.0 | 10.0 | 13d ago | Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery | |
| CVE-2026-41571 | critical | 9.4 | 9.4 | 23d ago | Note Mark: OIDC-registered users authenticated by submitting password "null" | |
| CVE-2026-44522 | high | — | 8.0 | 13d ago | Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution | |
| CVE-2026-41572 | medium | 5.3 | 5.3 | 23d ago | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books | |