Lucene search
K

44 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39128

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content...

9.9CVSS6.1AI score0.0044EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-39127

SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML...

9.9CVSS6.1AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5229 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView` in github.com/siyuan-note/siyuan/kernel

SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via /api/av/removeUnusedAttributeView in github.com/siyuan-note/siyuan/kernel...

8.1CVSS5.8AI score0.004EPSS
Exploits1References3
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:20 p.m.10 views

CVE-2026-50551

CVE-2026-50551 affects SiYuan prior to 3.7.0, where a stored XSS in the Attribute View (database) asset cell renderer can escalate to remote code execution in the Electron desktop client. The issue is fixed in 3.7.0. CVSS~3.1 metrics indicate high impact on confidentiality, integrity, and availab...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:20 p.m.7 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:20 p.m.16 views

CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:19 p.m.10 views

CVE-2026-54158

SiYuan CVE-2026-54158: A stored XSS in the attribute-view cell renderer (genAVValueHTML) can break out of its tag with crafted values in text/url/phone/mAsset, potentially leading to RCE in Electron if nodeIntegration is enabled. The issue persists in AV files under the workspace and propagates a...

9.9CVSS6AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:19 p.m.18 views

CVE-2026-54158 SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52104

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description Stored cross-site scripting XSS exists in the Attribute View database asset cell renderer. This issue can escalate to remote code execution RCE within the Electron desktop client. XSS is a flaw that...

9.9CVSS6.6AI score0.0044EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52111

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The attribute-view cell renderer genAVValueHTML fails to properly sanitize cell content in the text, url, phone, and mAsset branches. This allows an attacker with write access to a synced workspace to...

9.9CVSS6.2AI score0.00289EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/20 7:7 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Attribute View Name process. An attacker can execute arbitrary JavaScript code in the context of the Electron renderer process by injecting malicious input. Details Cross-site scripting or XSS is a code...

9.6CVSS5.8AI score0.00509EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.21 views

GO-2026-4992 SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42377

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.14 views

CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:25 p.m.48 views

CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS0.00509EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:25 p.m.12 views

EUVD-2026-30358

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:25 p.m.9 views

CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:25 p.m.37 views

CVE-2026-44670

SiYuan CVE-2026-44670 describes a stored XSS that escalates to Electron renderer RCE due to HTML injection of AV (Attribute View) names. Before 3.7.0, AV names were stored without escaping and inserted into HTML in three code paths (render.ts outerHTML, Title.ts innerHTML, transaction.ts innerHTM...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
Rows per page
Query Builder