PatchSiren

vnotex CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW vnotex CVE published 2026-07-12

CVE-2026-15505

A weakness has been identified in vnotex vnote up to 3.20.1, impacting an unknown function of the file /src/data/extra/web/js/markdownit.js of the YAML Frontmatter component. This manipulation of the argument p_metaData causes cross-site scripting. The attack may be initiated remotely. Users should review and apply vendor patches or updates when available. The vulnerability has a low CVSS score of 2, indi [truncated]