Lucene search
K

7 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-59834

SiYuan URI: The vulnerability affects the block search endpoint POST /api/search/fullTextSearchBlock prior to version 3.7.1. An attacker-controlled paths value is concatenated into SQL predicates used by non-SQL search modes, enabling an unauthenticated publish visitor to inject a UNION SELECT an...

7.5CVSS6AI score0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57009

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An unauthenticated publish visitor can perform a UNION SELECT injection via the block search endpoint 'POST /api/search/fullTextSearchBlock'. The issue occurs because the endpoint concatenates...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References8
OSV
OSV
added 2024/08/26 12:15 p.m.1 views

DEBIAN-CVE-2024-44938

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2 returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shif...

5.5CVSS5.5AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/04/30 12:0 a.m.11 views

PT-2020-3605 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 Description: The issue is related to the render block core...

9.8CVSS6.8AI score0.4375EPSS
Exploits16References71
Drupal
Drupal
added 2014/04/16 12:0 a.m.15 views

SA-CONTRIB-2014-041 - Block Search - SQL Injection

Block Search module provides an alternative way of managing blocks. The module doesn't properly use Drupal's database API resulting in user-provided strings being passed directly to the database allowing SQL Injection. This vulnerability is mitigated by the fact that an attacker must either use a...

7.8AI score
Exploits0References9
Rows per page
Query Builder