Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52107

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An unauthenticated remote attacker can read arbitrary files within the WorkspaceDir when the system is in publish mode, which is an anonymous read-only HTTP endpoint. This is achieved by using...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References8
CVE
CVE
added 2026/05/14 6:19 p.m.17 views

CVE-2026-45148

SiYuan (open-source personal knowledge management) before v3.7.0 has broken access control in publish-mode, allowing Readers to enumerate metadata across documents via the searchAsset, searchTag, searchWidget, and searchTemplate endpoints. The issue arises when a publish-mode RoleReader accesses ...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:32 p.m.32 views

CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

6.4CVSS0.00281EPSS
Exploits0References1
Rows per page
Query Builder