CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•4 views

SiYuan Note - Cross-Site Scripting

Unauthenticated reflected cross-site scripting XSS vulnerability in all versions of SiYuan Note containing /api/icon/getDynamicIcon with unsafe type=8 rendering logic. Attacker-controlled content is inserted directly into SVG output without proper sanitization. An attacker can execute arbitrary...

9.3CVSS7.4AI score0.00625EPSS

Nuclei•added yesterday•25 views

SiYuan <= v3.5.9 - SVG Animate Element XSS

SiYuan = v3.5.9 contains a reflected XSS caused by insufficient SVG sanitization allowing SVG animation elements to inject executable JavaScript in /api/icon/getDynamicIcon endpoint, letting unauthenticated attackers execute scripts. id: CVE-2026-31807 info: name: SiYuan = v3.5.9 - SVG Animate...

6.4CVSS7.3AI score0.00445EPSS

Nuclei•added yesterday•3 views

SiYuan <= v3.5.9 - Cross Site Scripting

SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...

6.4CVSS7.3AI score0.00505EPSS

Nuclei•added 2 days ago•11 views

SiYuan <= v3.6.1 - Path Traversal

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS6.8AI score0.03256EPSS

Exploits1References3

NVD•added 3 days ago•7 views

CVE-2026-56397

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS0.00391EPSS

CVE•added 3 days ago•18 views

CVE-2026-56397

CVE-2026-56397 affects SiYuan prior to v3.6.1 where Bazaar marketplace metadata and README aren’t sanitized, allowing malicious authors to inject HTML/JavaScript. This can enable remote code execution on users browsing Bazaar by embedding XSS payloads in displayName, description, or README, takin...

EUVD•added 3 days ago•8 views

EUVD-2026-38163

ATTACKERKB•added 3 days ago•6 views

CVE-2026-56397

EUVD•added 3 days ago•7 views

Exploits0References3

EUVD-2026-38161

CVE•added 3 days ago•14 views

CVE-2026-56395

SiYuan exposes a vulnerability (CVE-2026-56395) where SieYuan versions prior to 3.6.1 fail to sanitize Bazaar marketplace metadata and README content, enabling arbitrary HTML/JavaScript injection. The underlying issue is improper sanitization of package displayName, description, or README fields,...

ATTACKERKB•added 3 days ago•6 views

CVE-2026-56395

Cvelist•added 3 days ago•29 views

Exploits0References3

CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

9.6CVSS0.00391EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•8 views

CVE-2026-45147

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

4.3CVSS5.5AI score0.00152EPSS

RedhatCVE•added 2026/06/05 7:20 p.m.•6 views

CVE-2026-41421

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8CVSS5.7AI score0.00134EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•7 views

CVE-2026-40322

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to...

9CVSS6.1AI score0.00306EPSS

RedhatCVE•added 2026/06/05 7:13 p.m.•5 views

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

8.7CVSS5.5AI score0.00306EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:12 p.m.•4 views

CVE-2026-39846

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

9CVSS6.3AI score0.00538EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:12 p.m.•5 views

CVE-2026-44586

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS5.7AI score0.00307EPSS

OSV•added 2026/05/20 7:7 p.m.•3 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS