VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/enchant97/note-mark/backend

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44523 critical 10.0 10.0 20d ago Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token Forgery
CVE-2026-41571 critical 9.4 9.4 1mo ago Note Mark: OIDC-registered users authenticated by submitting password "null"
CVE-2026-44522 high 8.0 20d ago Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remote Code Execution
CVE-2026-41572 medium 5.3 5.3 1mo ago Note Mark: Unauthenticated read of notes and assets in soft-deleted public books
CVE-2026-40265 unknown 2mo ago Note Mark has Broken Access Control on Asset Download
CVE-2026-40263 unknown 2mo ago Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
CVE-2026-40262 unknown 2mo ago Note Mark has Stored XSS via Unrestricted Asset Upload