Lucene search
K

4 matches found

NVD
NVD
added 2026/04/16 11:16 p.m.5 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

8.1CVSS0.004EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/16 10:49 p.m.5 views

CVE-2026-40259 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

8.1CVSS5.8AI score0.004EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 10:49 p.m.3 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

8.1CVSS5.9AI score0.004EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

SiYuan 安全漏洞

SiYuan is an open-source personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /api/av/removeUnusedAttributeView endpoint, which was only protected by general authentication...

8.1CVSS5.8AI score0.004EPSS
Exploits1References2
Rows per page
Query Builder