17 matches found
CVE-2026-34448
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...
CVE-2026-34585
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34448
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...
CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...
CVE-2026-34585
SiYuan prior to version 3.6.2 is affected. A crafted IAL value inside a .sy document packaged as a .sy.zip can bypass server-side attribute escaping during Import, causing an HTML context break and stored XSS. In the Electron desktop client, this XSS can execute JavaScript with Node/Electron priv...
EUVD-2026-17675
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...
CVE-2026-34448
SiYuan prior to 3.6.2 is affected by a stored XSS in the Attribute View Gallery/Kanban rendering: placing a malicious URL in an Asset Field can be injected into an tag without escaping, with the Electron desktop client executing injected code due to nodeIntegration enabled and contextIsolation d...
SiYuan 代码注入漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained a code injection vulnerability. This vulnerability stemmed from the possibility that custom block attribute values could bypass server-side attribute escaping,...
EUVD-2020-18619
Malware in sbrugna...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...
Privilege escalation
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...
CVE-2020-25989
The CVE-2020-25989 entry concerns pritunl's Electron client (versions 1.0.1116.6 up to 1.2.2550.20). The issue is a privilege-escalation via arbitrary file write that may allow code execution with root privileges on the affected system. The connected documents confirm the vulnerability class and ...
CVE-2020-25989
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...
Rocket.Chat: XSS in message attachment fileds.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: There is a...