8 matches found
CVE-2026-31807
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements...
SUSE CVE-2026-30926
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities were caused by path traversal at the /export endpoint, which could lead to the reading of any file in the serv...
SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission checks for the /api/block/appendHeadingChildren API endpoint, which could...
Red Discord Bot Security Vulnerability
Red Discord Bot is a modular bot written in Python by an individual developer. The bot software can be configured to perform different functions based on different modules. A security vulnerability exists in Red Discord Bot versions prior to 3.5.10, which stems from an error in the core API that...
WordPress plugin Flower Delivery Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Flower Delivery by Florist One versions prior to 3.5.10 have a cross-site scripting...
(SWAT): XSS flaw in Change Password page
Cross-site scripting (XSS) vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program, aka the user field...
nsGenericDOMDataNode::SetTextInternal
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...