8 matches found

CNNVD
added 2026/04/16 12:0 a.m. | 7 views

SiYuan Security Vulnerability

SiYuan is an open-source privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from Mermaid charts being rendered with a relaxed security level, and the generated SVG...

CVSS 9 | AI score 5.9 | EPSS 0.00055
Exploits 0 | References 1
CNNVD
added 2026/03/25 12:0 a.m. | 3 views

GitLab Cross-Site Scripting Vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (continuous integration and delivery). Versions of GitLab CE/EE prior to 18.8.7, 18.9.3, and 18.10.1 contained...

CVSS 5.4 | AI score 6 | EPSS 0.00042
Exploits 0 | References 4
CNNVD
added 2026/03/13 12:0 a.m. | 4 views

OneUptime Cross-Site Scripting Vulnerability

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown viewer component rendering Mermaid...

CVSS 7.6 | AI score 5.6 | EPSS 0.00053
Exploits 1 | References 1
CNNVD
added 2026/03/03 12:0 a.m. | 4 views

dify Cross-Site Scripting Vulnerability

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.11.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the relaxed security settings when Mermaid charts were rendered in chat messages, potentially leading to...

CVSS 5.4 | AI score 5.6 | EPSS 0.00012
Exploits 1 | References 3
CNNVD
added 2026/02/13 12:0 a.m. | 3 views

beautiful-mermaid Cross-Site Scripting Vulnerability

Beautiful-Mermaid is a visualization AI assistant tool developed by Craft Docs. Versions of Beautiful-Mermaid prior to 0.1.3 had a cross-site scripting vulnerability. This vulnerability stemmed from an SVG attribute injection issue, which could lead to cross-site scripting attacks when rendering...

CVSS 5.3 | AI score 5.6 | EPSS 0.00033
Exploits 0 | References 4
NVD
added 2025/09/09 9:15 p.m. | 3 views

CVE-2025-58768

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

CVSS 9.6 | EPSS 0.0022
Exploits 1 | References 1
CNVD
added 2025/08/27 12:0 a.m. | 3 views

JetBrains YouTrack Cross-Site Scripting Vulnerability

JetBrains YouTrack is a project management tool developed by the Czech company JetBrains. JetBrains YouTrack suffers from a cross-site scripting vulnerability that stems from the content of Mermaid charts; no details of the vulnerability are provided at this time...

CVSS 8.7 | AI score 6.2 | EPSS 0.00094
Exploits 0 | References 1
CNNVD
added 2025/08/20 12:0 a.m. | 2 views

JetBrains YouTrack Cross-Site Scripting Vulnerability

JetBrains YouTrack is a project management tool developed by the Czech company JetBrains. JetBrains YouTrack suffers from a cross-site scripting vulnerability that stems from the content of Mermaid charts; no details of the vulnerability are provided at this time...

CVSS 8.7 | AI score 5.9 | EPSS 0.00094
Exploits 0 | References 2