Lucene search

6 matches found

Cvelist
added 6 days ago, 16 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

CVSS 9 | EPSS 0.00327
Exploits: 0 | References: 1

Cvelist
added 2026/02/06 9:12 p.m., 35 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

CVSS 6.1 | EPSS 0.00241
Exploits: 1 | References: 2

CNNVD
added 2025/04/28 12:00 a.m., 2 views

Snowflake ODBC Driver security vulnerability

Snowflake ODBC Driver is a powerful tool from Snowflake to connect to a live Snowflake data warehouse directly from any application that supports ODBC connectivity. A security vulnerability exists in Snowflake ODBC Driver versions prior to 3.7.0, which stems from logging sensitive information and...

CVSS 3.3 | AI score 6.2 | EPSS 0.0013
Exploits: 0 | References: 2

CNNVD
added 2024/11/15 12:00 a.m., 3 views

Zephyr security vulnerability

Zephyr is an extensible real-time operating system RTOS that is open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.7.0 and prior versions, which stems from a gp reg pointing to the 0x800 byte at the beginning of the .sdata section when Global Pointer GP Relative Addressin...

CVSS 9.3 | AI score 6.7 | EPSS 0.00164
Exploits: 0 | References: 1

ATTACKERKB
added 2023/09/01 4:15 p.m., 3 views

CVE-2023-36088

Server Side Request Forgery SSRF vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information...

CVSS 7.5 | AI score 5.8 | EPSS 0.00726
Exploits: 1 | References: 4

CNNVD
added 2022/11/10 12:00 a.m., 3 views

Eclipse Californium security vulnerability

Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides Coap backend support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions prior to 3.7.0 and 2.7.4, which stems from a handshake that does not clean up PSKs that fail the...

CVSS 8.2 | AI score 7.6 | EPSS 0.00553
Exploits: 0 | References: 6