Lucene search
K

243 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.4 views

Wireshark 2.2.x < 2.2.16 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.2.16. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.16 advisory. - In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into ...

7.8CVSS6.8AI score0.03773EPSS
Exploits4References53
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.4CVSS6.8AI score0.00261EPSS
Exploits1References1
NVD
NVD
added 2026/04/17 1:17 a.m.5 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.4CVSS0.00261EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:14 p.m.4 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

9CVSS6.9AI score0.00584EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2026/04/16 11:14 p.m.31 views

CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.3CVSS0.00261EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/16 11:14 p.m.5 views

CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.3CVSS6.8AI score0.00261EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/16 11:14 p.m.3 views

EUVD-2026-23331

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

9CVSS6.9AI score0.00584EPSS
Exploits2References4
CVE
CVE
added 2026/04/16 11:14 p.m.16 views

CVE-2026-40922

CVE-2026-40922 (SiYuan) : In SiYuan versions 3.6.1–3.6.3, an incomplete sanitization of bazaar README rendering allowed stored XSS via iframe srcdoc, escaping Lute HTML sanitizer and enabling embedded scripts to run in the Electron context with full app privileges. The issue stems from the saniti...

5.4CVSS6.9AI score0.00261EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 11:12 p.m.8 views

SiYuan has incomplete fix for CVE-2026-33066: XSS

Summary The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...

9CVSS7AI score0.00584EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2026/04/14 11:12 p.m.5 views

GHSA-8Q5W-MMXF-48JG SiYuan has incomplete fix for CVE-2026-33066: XSS

Summary The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...

5.4CVSS7AI score0.00584EPSS
Exploits2References7
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Digital Bazaar Forge 安全漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar. It is also an open-source tool used for developing encrypted and network-intensive web applications. Versions of Forge prior to 1.4.0 contained a security vulnerability caused by an infini...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a data manipulation vulnerability...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Digital Bazaar Forge 信任管理问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it is an open-source tool used for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 had a trust management vulnerability. Th...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.11 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it serves as an open-source tool for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 contained a data manipulation...

7.5CVSS5.7AI score0.00348EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/23 6:14 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized processing of Bazaar package metadata. An attacker can execute arbitrary JavaScript code in the context of the application, potentially leading to remote code execution by submitting crafted...

9CVSS6.5AI score0.00549EPSS
Exploits2References3
OSV
OSV
added 2026/03/23 6:14 p.m.4 views

GO-2026-4747 SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata in github.com/siyuan-note/siyuan/kernel

SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata in github.com/siyuan-note/siyuan/kernel...

9CVSS5.8AI score0.00549EPSS
Exploits2References2
OSV
OSV
added 2026/03/23 6:14 p.m.3 views

GO-2026-4743 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering in github.com/siyuan-note/siyuan/kernel

SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering in github.com/siyuan-note/siyuan/kernel...

9CVSS5.8AI score0.00584EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/20 8:14 a.m.24 views

CVE-2026-33067 SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata

SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which executes automatically when an...

5.3CVSS0.00549EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/03/20 8:14 a.m.2 views

CVE-2026-33067 SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata

SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which executes automatically when an...

5.3CVSS6AI score0.00549EPSS
Exploits2References1
CVE
CVE
added 2026/03/20 8:14 a.m.23 views

CVE-2026-33067

SiYuan (versions ≤ 3.6.0) is affected by an XSS vulnerability in package metadata rendering (displayName, description) that is not HTML-escaped. An attacker could inject arbitrary HTML/JavaScript into these fields via a malicious Bazaar package, and due to the Electron configuration (nodeIntegrat...

9CVSS6AI score0.00549EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder