CVE-2026-54759

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

CVE-2026-54070

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar package README from Markdown to HTML with the lute engine and SetSanitizetrue. The lute sanitizer is an event-handler blocklist: allowAttr rejects only...

CVE-2026-52816

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with...

CVE-2026-52816

Gogs exposes an unauthenticated REST endpoint POST /-/api/sanitize_ipynb that uses bluemonday.UGCPolicy with AllowURLSchemes("data"), allowing all data: URIs (including data:text/html). This enables a registered user to craft payloads that survive sanitization and execute XSS when rendered in oth...

CVE-2026-50129

CVE-2026-50129 affects Mastodon before versions 4.5.11, 4.4.18, and 4.3.24. The issue is a DoS caused by an uncaught exception in the math sanitizer’s MATH_TRANSFORMER due to missing exception handling; malformed nodes can crash the server or disrupt services depending on the action and interact...

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

EUVD-2026-38870

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage Replace it with scnprintf, the buffer sizes are expected to be large enough to hold the result, no need for snprintf+overflow check. Increase buffer size in manglecontentlen while at it...

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

Stirling-PDF < 1.1.0 - Server-Side Request Forgery

Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...

SiYuan <= v3.5.9 - Cross Site Scripting

SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...

Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS

Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...

PT-2026-51634

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The Jupyter Notebook ipynb sanitizer endpoint at 'POST /-/api/sanitize ipynb' allows arbitrary data: URIs without proper restrictions, which can lead to Cross-Site Scripting XSS. The endpoint utilizes...

EUVD-2026-38268

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

Astra Linux – Vulnerability in Firefox

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dm raid: fixed the KASAN warning in raid5adddisks. There is a KASAN warning in raid5adddisk when running the LVM testsuite. The warning occurs during the test lvconvert-raid-reshape-lineartoraid6-single-type.sh. We fixed this...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ppp: Fixed the “KMSAN: uninit-value” warning with bpf. Syzbot detected a “KMSAN: uninit-value” warning 1. This issue arises because the ppp driver does not initialize a 2-byte header when using socket filter. The following code c...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: hfs: fixed the KMSAN uninit-value issue in hfsfindsetzerobits The syzbot reported an issue in hfsfindsetzerobits: ===================================================== BUG: KMSAN: uninit-value in hfsfindsetzerobits+0x74d/0xb60...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: sched/scs: The task stack state is reset in bringupcpu. When a CPU is hot-plugged, the idle task on that CPU calls several layers of C code before finally leaving the kernel. When KASAN is in use, a “poisoned” shadow is left behi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectorsperclusters When the NTFS BOOT sectorsperclusters field is greater than 0x80, it represents a shift value. Ensure that the shift value is not too large before using it the maximum cluster size for...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...