CVE ID :CVE-2026-33955 Published : March 27, 2026, 9:27 p.m. | 24 minutes ago Description :Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed using `dangerouslySetInnerHTML` without secure handling. When combined with the full backup and restore feature in the desktop application, this becomes remote code execution because Electron is configured with `nodeIntegration: true` and `contextIsolation: false`. Version 3.3.11 patches the issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...