Several critical security vulnerabilities are tracked under this ID:
: A critical path-traversal vulnerability (CVSS 10.0) in the Assemblyline 4 Service Client . It allows remote attackers to perform arbitrary file writes by crafting a malicious SHA-256 value. 24028 rar
: A Cross-Site Scripting (XSS) flaw in the Joplin note-taking app . This stems from how the app's HTML sanitizer handles comments compared to browsers, potentially allowing arbitrary JavaScript execution. potentially allowing arbitrary JavaScript execution.