
8 matches found

RedhatCVE
added 2026/03/26 3:7 p.m. | 5 views

CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) blocks dangerous elements...

CVSS 9.3 | AI score 5.8 | EPSS 0.00625
Exploits: 2 | References: 1
SUSE CVE
added 2026/03/25 12:25 a.m. | 5 views

SUSE CVE-2026-30926

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

CVSS 7.1 | AI score 5.9 | EPSS 0.00311
Exploits: 1 | References: 3
CNNVD
added 2026/03/10 12:0 a.m. | 12 views

SiYuan Security Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities were caused by path traversal at the /export endpoint, which could lead to the reading of any file in the serv...

CVSS 9.8 | AI score 7.2 | EPSS 0.01028
Exploits: 1 | References: 2
CNNVD
added 2026/03/10 12:0 a.m. | 5 views

SiYuan Security Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission checks for the /api/block/appendHeadingChildren API endpoint, which could...

CVSS 7.1 | AI score 7.2 | EPSS 0.00311
Exploits: 1 | References: 2
CNNVD
added 2024/07/11 12:0 a.m. | 7 views

Red Discord Bot Security Vulnerability

Red Discord Bot is a modular bot written in Python by an individual developer. The bot software can be configured to perform different functions based on different modules. A security vulnerability exists in Red Discord Bot versions prior to 3.5.10, which stems from an error in the core API that...

CVSS 5.3 | AI score 6.9 | EPSS 0.0041
Exploits: 0 | References: 4
CNNVD
added 2022/06/27 12:0 a.m. | 3 views

WordPress plugin Flower Delivery Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Flower Delivery by Florist One versions prior to 3.5.10 have a cross-site scripting...

CVSS 4.8 | AI score 5.7 | EPSS 0.00552
Exploits: 2 | References: 2
RedHat Linux
added 2011/08/29 5:38 p.m. | 3 views

(SWAT): XSS flaw in Change Password page

Cross-site scripting (XSS) vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program, aka the user field...

CVSS 2.6 | AI score 7.2 | EPSS 0.06293
Exploits: 0 | References: 4
RedHat Linux
added 2010/06/22 10:29 p.m. | 7 views

nsGenericDOMDataNode::SetTextInternal

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a...

CVSS 9.3 | AI score 8.2 | EPSS 0.04879
Exploits: 0 | References: 4