3 matches found
CVE-2026-55570
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...
CVE-2021-33041
vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require'childprocess'.execSync'calc.exe' on Windows and a similar attack on macOS...