Browse all 5 CVE security advisories affecting lakernote. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lakernote serves as a collaborative note-taking platform primarily used for knowledge sharing and documentation. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. The platform's security posture has been marked by consistent authentication weaknesses and insufficient input validation, leading to several high-severity exploits. While no major public incidents have been documented, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user-generated content and access control mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5383 | lakernote EasyAdmin upload cross site scripting — EasyAdminCWE-79 | 3.5 | Low | 2024-05-26 |
| CVE-2024-2828 | lakernote EasyAdmin IndexController.java thumbnail server-side request forgery — EasyAdminCWE-918 | 6.3 | Medium | 2024-03-22 |
| CVE-2024-2827 | lakernote EasyAdmin saveReportFile server-side request forgery — EasyAdminCWE-918 | 6.3 | Medium | 2024-03-22 |
| CVE-2024-2826 | lakernote EasyAdmin saveReportFile xml external entity reference — EasyAdminCWE-611 | 6.3 | Medium | 2024-03-22 |
| CVE-2024-2825 | lakernote EasyAdmin saveReportFile path traversal — EasyAdminCWE-24 | 6.3 | Medium | 2024-03-22 |
This page lists every published CVE security advisory associated with lakernote. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.