Lucene search
K

157 matches found

EUVD
EUVD
added 2026/03/24 3:2 p.m.3 views

EUVD-2026-14907

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 3:2 p.m.3 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 3:2 p.m.21 views

CVE-2026-33334

Summary (CVE-2026-33334): Vikunja Desktop Electron wrapper prior to 2.2.0 enables nodeIntegration in the renderer without contextIsolation or sandbox, turning any web frontend XSS into full remote code execution on the victim’s machine. Affected range: Vikunja 0.21.0 through 2.1.x (up to

9.6CVSS6.4AI score0.00385EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.7 views

PT-2026-27444

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...

6.5CVSS6.8AI score0.01115EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27442

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 8:11 a.m.2 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS6.5AI score0.00584EPSS
Exploits1References4
NVD
NVD
added 2026/03/19 10:16 p.m.8 views

CVE-2026-32751

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

9CVSS0.00796EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 4:9 p.m.4 views

GHSA-MVPM-V6Q4-M2PF SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata

Stored XSS to RCE via Unsanitized Bazaar Package Metadata Summary SiYuan's Bazaar community marketplace renders package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which...

5.3CVSS6.5AI score0.00549EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/03/16 8:43 p.m.9 views

SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS

Remote Code Execution via Malicious Bazaar Package — Marketplace XSS Summary SiYuan's Bazaar community marketplace renders plugin/theme/template metadata and README content without sanitization. A malicious package author can achieve RCE on any user who browses the Bazaar by: 1. Package metadata...

6.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/16 6:47 p.m.4 views

GHSA-QR46-RCV3-4HQ3 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface Summary SiYuan's mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

5.1CVSS6.6AI score0.00796EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25826

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below SiYuan versions prior to 3.6.1 Description SiYuan is a personal knowledge management system. The mobile file tree component MobileFiles.ts renders notebook names using innerHTML without proper HTML escaping when...

9CVSS6AI score0.00796EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-8569

Malware in sbrugna...

9.6CVSS9.1AI score0.0434EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18783

Malware in sbrugna...

9.6CVSS9.2AI score0.01913EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-1933

Malware in sbrugna...

6.1CVSS6.3AI score0.01203EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-8356

Malware in sbrugna...

9.8CVSS9.2AI score0.00765EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-1605

Malware in sbrugna...

6.1CVSS6.3AI score0.01044EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18784

Malware in sbrugna...

9.6CVSS9.2AI score0.01913EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.0 views

EUVD-2022-4421

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.01108EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:18 a.m.6 views

CVE-2024-3166

A Cross-Site Scripting XSS vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...

9.6CVSS6.6AI score0.00962EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.2 views

CVE-2022-41709

Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the "nodeIntegration" option enabled...

7.8CVSS7.8AI score0.00426EPSS
Exploits1References1
Rows per page
Query Builder