Lucene search
+L

167 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-44747

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score0.00438EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-40501 Cherry Studio RCE via SearchService nodeIntegration Misconfiguration

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.6CVSS6.7AI score0.00438EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/10 7:25 p.m.9 views

EUVD-2026-39123

SiYuan: Stored XSS to RCE via CSS-snippet breakout in renderSnippet...

9.9CVSS6.1AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 10:16 p.m.10 views

CVE-2026-55408

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can cra...

8.4CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 9:2 p.m.12 views

CVE-2026-55408

Summary : CVE-2026-55408 affects Koodo Reader

8.4CVSS6.8AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 9:2 p.m.7 views

CVE-2026-55408 Koodo Reader: Remote code execution via malicious epub file

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can cra...

8.4CVSS6.8AI score0.00188EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 10:16 p.m.10 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:19 p.m.5 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS6AI score0.00289EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 9:19 p.m.12 views

CVE-2026-54158

SiYuan CVE-2026-54158: A stored XSS in the attribute-view cell renderer (genAVValueHTML) can break out of its tag with crafted values in text/url/phone/mAsset, potentially leading to RCE in Electron if nodeIntegration is enabled. The issue persists in AV files under the workspace and propagates a...

9.9CVSS6AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:14 p.m.21 views

CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

9.9CVSS0.00307EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:14 p.m.4 views

CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...

9.9CVSS6.1AI score0.00307EPSS
Exploits0References3
NVD
NVD
added 2026/06/21 2:16 p.m.14 views

CVE-2026-56395

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS0.00391EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:27 p.m.8 views

CVE-2026-56397

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/21 1:27 p.m.10 views

EUVD-2026-38161

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/06/21 1:27 p.m.34 views

CVE-2026-56395

SiYuan exposes a vulnerability (CVE-2026-56395) where SieYuan versions prior to 3.6.1 fail to sanitize Bazaar marketplace metadata and README content, enabling arbitrary HTML/JavaScript injection. The underlying issue is improper sanitization of package displayName, description, or README fields,...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:27 p.m.8 views

CVE-2026-56395

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:27 p.m.37 views

CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS0.00391EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.26 views

PT-2026-51236

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.1 Description SiYuan fails to sanitize package metadata and README content within the Bazaar marketplace. This allows malicious authors to inject arbitrary HTML and JavaScript into the displayName, description, or...

9.6CVSS6.7AI score0.00391EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41421

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8CVSS5.7AI score0.00134EPSS
Exploits0References1
Rows per page
Query Builder