CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...
CVE-2026-41421
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...
CVE-2023-4030
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt...
PT-2025-48700
Name of the Vulnerable Software and Affected Versions: Entrust nShield Connect XC versions through 13.6.11; Entrust nShield 5c versions through 13.6.11; Entrust nShield HSMi versions through 13.6.11; Entrust nShield Connect XC version 13.7; Entrust nShield 5c version 13.7; Entrust nShield HSMi version...
CVE-2025-27093
creationtimestamp | type | source
---|---|---
2025-10-27 22:59:13+00:00 | published-proof-of-concept | https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7
2025-11-21 12:22:30+00:00 | seen | https://threatintel.cc/2025/11/21/sliver-c-insecure-default-network.html
2025-11-21... | |
EUVD-2006-4487
Malware in sbrugna...
EUVD-2017-16827
Malware in sbrugna...
EUVD-2019-4361
Malware in sbrugna...
EUVD-2007-6685
Malware in sbrugna...
EUVD-2009-3269
Malware in sbrugna...
EUVD-2022-51401
Malicious code in bioql PyPI...
PT-2025-31865 · Unknown · Gitkraken Desktop
Name of the Vulnerable Software and Affected Versions: GitKraken Desktop versions 10.8.0 and 11.1.0 Description: GitKraken Desktop is susceptible to code injection due to misconfigured Electron Fuses. Insecure settings, specifically RunAsNode being enabled and EnableNodeCliInspectArguments not...
CVE-2025-51387
CVE-2025-51387 affects GitKraken Desktop versions 10.8.0 and 11.1.0. The root cause is misconfigured Electron Fuses: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled, allowing the application to run in Node.js mode. This configuration enables attackers to pass arguments that...
DEBIAN-CVE-2025-53391
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt6.2.0-1 package has insecure PolicyKit allowany/allowinactive/allowactive settings that allow a local user to escalate their privileges to root...
pgjdbc: pgjdbc insecure authentication in channel binding
A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...
CVE-2025-1863
CVE-2025-1863 affects Yokogawa recorder products with insecure default authentication settings. The default authentication is disabled, enabling network-accessible access to all settings/operations and allowing manipulation of measured values and configurations. Affected products and versions inc...
PT-2025-17258 · Yokogawa Electric · Fx1000 +12
Name of the Vulnerable Software and Affected Versions: Yokogawa Electric Corporation GX10 / GX20 / GP10 / GP20 Paperless Recorders versions R5.04.01 or earlier Yokogawa Electric Corporation GM Data Acquisition System versions R5.05.01 or earlier Yokogawa Electric Corporation DX1000 / DX2000 /...
CVE-2025-23407
An incorrect privilege assignment vulnerability exists in the settings page of the web UI of the Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges...
UniRide Vehicle Booking Management System 1.0 Insecure Settings
UniRide Vehicle Booking Management System version 1.0 suffers from an ignored default credential vulnerability. | Title : UniRide Vehicle Booking Managemen...
CVE-2024-20397 Cisco NX-OS Software Image Verification Bypass Vulnerability
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure...