Browse all 6 CVE security advisories affecting enchant97. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Enchant97 primarily develops web applications and APIs for enterprise clients, with a core focus on e-commerce platforms. Historically, vulnerabilities associated with this entity include remote code execution, cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation and misconfigured access controls. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests a need for enhanced security testing protocols. The six CVEs attributed to enchant97 highlight recurring issues in authentication mechanisms and insecure direct object references, indicating potential gaps in secure coding practices during development cycles.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41572 | Note Mark: Unauthenticated read of notes and assets in soft-deleted public books | note-mark | CWE-285 | 5.3 | Medium | 2026-05-04 |
| CVE-2026-41571 | Note Mark: OIDC-registered users authenticated by submitting password "null" | note-mark | CWE-287 | 9.4 | Critical | 2026-05-04 |
| CVE-2026-40265 | Note Mark has Broken Access Control on Asset Download | note-mark | CWE-862 | 5.9 | Medium | 2026-04-16 |
| CVE-2026-40263 | Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel | note-mark | CWE-208 | 3.7 | Low | 2026-04-16 |
| CVE-2026-40262 | Note Mark has Stored XSS via Unrestricted Asset Upload | note-mark | CWE-79 | 8.7 | High | 2026-04-16 |
| CVE-2024-41819 | Note Mark has a stored XSS in the note link href attribute | note-mark | CWE-79 | 8.7 | High | 2024-07-29 |

This page lists every published CVE security advisory associated with enchant97. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.