Vnote · Vnote · CVE-2024-39904
**Name of the Vulnerable Software and Affected Versions**
VNote versions prior to 3.18.1
**Description**
A code execution issue existed in VNote, allowing an attacker to execute arbitrary programs on the victim's system. This could be achieved by using a crafted URI in a note, such as `file:///C:/WINDOWS/system32/cmd.exe` or `file:///C:/WINDOWS/system32/calc.exe`, which references a local executable file. The vulnerability can be exploited by creating and sharing specially crafted notes, potentially leading to further attacks.
**Recommendations**
For versions prior to 3.18.1, update to version 3.18.1 to resolve the issue. As a temporary workaround, consider avoiding the use of `file:///` links in notes until the update is applied. Restrict the sharing of notes from untrusted sources to minimize the risk of exploitation.
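To support the workaround while the update is being rolled out, the following added example (not part of the advisory or of VNote's code) scans a note's text for `file:` URIs and marks those whose target has an executable extension. The function name `scan_note`, the extension list and the sample note are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Extensions Windows launches directly when opened (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".msi",
                   ".ps1", ".vbs", ".lnk", ".hta"}

# Match file: URIs wherever they appear in a note: [text](uri), <uri>,
# href="uri" or a reference definition "[id]: uri". The match stops at
# whitespace, quotes and closing brackets, so a path containing ")" is
# truncated; it is still reported as a file link.
FILE_URI_RE = re.compile(r"\bfile:/[^\s)>\"'\]]+", re.IGNORECASE)

# Constructed sample note; the two executable URIs are the ones quoted in the advisory.
SAMPLE_NOTE = """\
# Meeting notes (constructed sample)
See the [spec](https://example.com/spec.html).
Open the [report](file:///C:/Users/alice/report.pdf).
Click [here](file:///C:/WINDOWS/system32/calc.exe) for the calculator.
<a href="file:///C:/WINDOWS/system32/cmd.exe">details</a>
"""


def scan_note(text):
    """Return (line_number, uri, targets_executable) for each file: URI in a note."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in FILE_URI_RE.finditer(line):
            uri = match.group(0).rstrip(".,;")  # drop trailing sentence punctuation
            # Normalise percent-escapes and case before comparing the extension.
            path = unquote(urlsplit(uri).path).lower()
            ext = posixpath.splitext(path)[1]
            findings.append((lineno, uri, ext in EXECUTABLE_EXTS))
    return findings


if __name__ == "__main__":
    for lineno, uri, is_exec in scan_note(SAMPLE_NOTE):
        label = "EXECUTABLE TARGET" if is_exec else "file link"
        print(f"line {lineno}: {label}: {uri}")
```

Every `file:` link is reported, since the workaround is to avoid them altogether; the boolean only prioritises the ones that point at a program.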