The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.
A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of Invesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.