CVE-2026-39846

CVE-2026-39846 – SiYuan Electron desktop client is affected prior to 3.6.4. A crafted note with table caption content that is stored without safe escaping can be unescaped in rendered HTML, creating a stored XSS sink. Since the desktop renderer runs with nodeIntegration enabled and contextIsolati...

CVE-2026-39846 SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

Directory Traversal

Overview org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-31031

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description SiYuan, a personal knowledge management system, is susceptible to remote code execution in the Electron desktop client prior to version 3.6.4. This occurs because table caption content is stored and...

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a storage-oriented cross-site scripting vulnerability in the note editor. This could allow authenticated users with note-addin...

CVE-2026-5568

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

EUVD-2026-19255

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

UTT HiPER 810G 安全漏洞

UTT HiPER 810G is a firewall router produced by UTT Corporation. The UTT HiPER 810G v3v1.7.7-171114 version contains a security vulnerability. This vulnerability stems from a buffer overflow in the notes parameter of the formGroupConfig function, which may lead to a denial-of-service attack...

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-31060

The CVE-2026-31060 entry concerns UTT Aggressive HiPER 810G v3v1.7.7-171114. The root cause is a buffer overflow in the notes parameter of the formGroupConfig function, leading to Denial of Service when a crafted input is supplied. Public exposure details are limited to the affected software vers...

PT-2026-30618

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-5568

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVE-2026-5568

CVE-2026-5568 affects Akaunting up to version 3.1.21, specifically the Invoice/Billing processing. The vulnerability arises from the manipulation of the argument notes , enabling a remote cross‑site scripting (XSS) attack. The issue is exploitable remotely and the exploit has been publicly disclo...

CVE-2026-5568 Akaunting Invoice/Billing cross site scripting

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVE-2026-5568 Akaunting Invoice/Billing cross site scripting

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

Akaunting 代码注入漏洞

Akaunting is an application software provided by Akaunting Corporation that offers all the tools needed for online fund management. Versions of Akaunting 3.1.21 and earlier had a code injection vulnerability, which was caused by incorrect handling of the parameter “notes” in the Invoice/Billing...

PT-2026-30139

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mac80211 component related to the handling of skb socket buffer memory allocation within the ieee80211 tx prepare skb function. Specifically, the...