Lucene search
K

11 matches found

NVD
NVD
added 2026/03/31 3:15 a.m.7 views

CVE-2026-34054

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

7.8CVSS0.00715EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.4 views

SUSE CVE-2026-32938

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...

9.9CVSS5.8AI score0.00414EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/03/23 6:33 p.m.7 views

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

6.4CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:11 a.m.24 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS0.00584EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 12:13 a.m.23 views

CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8CVSS0.00541EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:10 p.m.4 views

CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

6.5CVSS6.1AI score0.00246EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/03 12:29 p.m.4 views

CVE-2025-12887 Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handlegmailoauthredirect' function. This makes it possible for...

5.4CVSS5.5AI score0.0026EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/03 12:29 p.m.4 views

EUVD-2025-200978

The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying that a user is authorized to update OAuth tokens on the 'handlegmailoauthredirect' function. This makes it possible for...

5.4CVSS5.4AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.4 views

PT-2023-24262 · Unknown +1 · Prestashop +1

Name of the Vulnerable Software and Affected Versions: PrestaShop versions through 3.6.1 Description: The issue allows sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection. This can occur in the Store Commander scexportcustomers...

9.8CVSS7.9AI score0.0062EPSS
Exploits0References4
OSV
OSV
added 2022/06/24 5:15 p.m.2 views

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

4.9CVSS5.8AI score0.01209EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/28 12:0 a.m.4 views

NovelPlus 代码问题漏洞

NovelPlus is an application. An open source mobile social application and idea publishing platform. A security vulnerability exists in NovelPlus V3.6.1 that allows unrestricted file uploads. Unrestricted file extensions and content could lead to server attacks and arbitrary code execution...

9.8CVSS8.8AI score0.01569EPSS
Exploits1References2
Rows per page
Query Builder