
8486 matches found

CVE
added 2026/01/22 4:59 p.m. | 13 views

CVE-2026-0534

This CVE (CVE-2026-0534) affects the Autodesk Fusion desktop application. The issue is a Stored Cross-site Scripting (XSS) vulnerability triggered by a malicious HTML payload stored in a part’s attribute and activated by user interaction, allowing an attacker to read local files or execute arbitrary ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00469
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21993)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21993 advisory. - In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bound...

CVSS 7.1 | AI score 6 | EPSS 0.00186
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 7 views

PT-2026-4202

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00469
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-57895)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-57895 advisory. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting...

CVSS 5.5 | AI score 5.3 | EPSS 0.00202
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: hdf5 (CVE-2024-29161)

The version of hdf5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29161 advisory. - HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the...

CVSS 8.8 | AI score 6.2 | EPSS 0.0086
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38147)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38147 advisory. - In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions fo...

CVSS 5.5 | AI score 5.4 | EPSS 0.0017
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/20 8:22 p.m. | 4 views

CVE-2026-23852

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVSS 9.6 | AI score 6.6 | EPSS 0.00679
Exploits: 1 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3115:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3115:01 advisory. 389-ds-base: double free of the virtual attribute context in persistent search (CVE-2021-4091) Tenable has extracted the preceding description block directly...

CVSS 7.5 | AI score 5.6 | EPSS 0.01983
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 7 : kernel-3.10.0-1160.53.1.el7 (AXSA:2022-2973:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2973:02 advisory. kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)...

CVSS 6.7 | AI score 8 | EPSS 0.00443
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : python-jinja2-2.11.3-5.el9 (AXSA:2024-7960:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7960:01 advisory. jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) Tenable has extracted the preceding description block...

CVSS 6.1 | AI score 8.3 | EPSS 0.00892
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 9 : tomcat-9.0.62-37.el9 (AXSA:2023-6944:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6944:05 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998) tomcat: not including the secure attribute causes information disclosu...

CVSS 7.5 | AI score 7 | EPSS 0.51547
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 8 : python-jinja2-2.10.1-4.el8 (AXSA:2024-8289:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8289:02 advisory. jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195) Tenable has extracted the preceding description block...

CVSS 6.1 | AI score 7.7 | EPSS 0.00892
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 8 : python27:2.7 (AXSA:2024-8406:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8406:01 advisory. pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897) python: use after free in heappushpop of heapq module...

CVSS 9.8 | AI score 7.6 | EPSS 0.04268
Exploits: 5 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 8 : fence-agents-4.2.1-129.el8 (AXSA:2024-8238:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8238:06 advisory. urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) pycryptodome: side-channel leakage fo...

CVSS 6.1 | AI score 6.8 | EPSS 0.00892
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 9 : fence-agents-4.10.0-62.el9 (AXSA:2024-7883:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7883:05 advisory. urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803) pycryptodome: side-channel leakage fo...

CVSS 6.1 | AI score 8.3 | EPSS 0.00892
Exploits: 0 | References: 4

Cvelist
added 2026/01/19 8:0 p.m. | 14 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVSS 6.5 | EPSS 0.00679
Exploits: 1 | References: 2

EUVD
added 2026/01/19 8:0 p.m. | 4 views

EUVD-2026-3290

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00679
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/19 8:0 p.m. | 2 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00679
Exploits: 1 | References: 2

OSV
added 2026/01/19 8:0 p.m. | 5 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

CVSS 6.5 | AI score 6.6 | EPSS 0.00679
Exploits: 1 | References: 4

CVE
added 2026/01/19 8:0 p.m. | 14 views

CVE-2026-23852

SiYuan up to version 3.5.4 is vulnerable to a stored XSS via the icon attribute in blocks created through the /api/attr/setBlockAttrs API. The payload is rendered unsanitized within the dynamic icon feature, enabling stored XSS and, on desktop, potential RCE. The issue bypassed a prior fix for is...

CVSS 9.6 | AI score 6.6 | EPSS 0.00679
Exploits: 1 | References: 2 | Affected Software: 1