VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/enchant97/note-mark/backend

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44523 critical 10.0 10.0 13d ago Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery golang
CVE-2026-41571 critical 9.4 9.4 23d ago Note Mark: OIDC-registered users authenticated by submitting password "null" golang
CVE-2026-44522 high 8.0 13d ago Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution golang
CVE-2026-41572 medium 5.3 5.3 23d ago Note Mark: Unauthenticated read of notes and assets in soft-deleted public books golang
CVE-2026-40265 unknown 1mo ago Note Mark has Broken Access Control on Asset Download golang
CVE-2026-40263 unknown 1mo ago Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel golang
CVE-2026-40262 unknown 1mo ago Note Mark has Stored XSS via Unrestricted Asset Upload golang