Lucene search

20 matches found

OSV
added 2026/05/20 7:07 p.m. · 3 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel...

CVSS 9.4 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 2
CVE
added 2026/05/14 6:23 p.m. · 10 views

CVE-2026-44588

SiYuan (desktop) contains a DOM-based RCE chain stemming from CVE-2026-44588. In versions < 3.7.0, tooltip text is produced by escaping only certain HTML chars with escapeAriaLabel, leaving %XX sequences intact. The aria-label attribute thus stores a URL-escaped payload like %3Cimg...%3E. The ...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 1
Cvelist
added 2026/05/14 6:23 p.m. · 26 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

CVSS 9.4 · EPSS 0.00033
Exploits 0 · References 1
OSV
added 2026/05/08 7:08 p.m. · 1 view

GHSA-25RP-H46X-2HJM SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary: The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 3
Github Security Blog
added 2026/05/08 7:08 p.m. · 5 views

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)

Summary: The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in...

CVSS 9.4 · AI score 6.1 · EPSS 0.00033
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2026/03/04 10:09 p.m. · 18 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/', ...)), inconsistent URL decoding allowed protected static resources to be accessed without...

CVSS 7.5 · EPSS 0.0005
Exploits 0 · References 2
Positive Technologies
added 2026/03/04 12:00 a.m. · 2 views

PT-2026-23075

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.4. Description: Hono is a Web application framework supporting various JavaScript runtimes. An inconsistency in URL decoding between the router (decodeURI) and serveStatic (decodeURIComponent) allowed protected static...

CVSS 7.5 · AI score 5.9 · EPSS 0.0005
Exploits 0 · References 8
Github Security Blog
added 2022/12/05 6:30 a.m. · 23 views

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the...

CVSS 7.5 · AI score 7.9 · EPSS 0.03831
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/12/05 6:30 a.m. · 13 views

GHSA-X2JX-W3WM-9P3P nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the...

CVSS 5.3 · AI score 7.5 · EPSS 0.03831
Exploits 0 · References 6
OSV
added 2022/12/05 4:15 a.m. · 13 views

CVE-2022-41777

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...

CVSS 7.5 · AI score 7.5
Exploits 0 · References 3
NVD
added 2022/12/05 4:15 a.m. · 13 views

CVE-2022-41777

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...

CVSS 7.5 · EPSS 0.03831
Exploits 0 · References 3
Prion
added 2022/12/05 4:15 a.m. · 11 views

Input validation

Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 PC Version v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash...

CVSS 5 · AI score 7.5 · EPSS 0.03831
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/12/05 12:00 a.m. · 4 views

PT-2022-26067 · Nako3Edit

Name of the Vulnerable Software and Affected Versions: Nako3edit versions 3.3.74 and earlier Description: The issue is related to an improper check or handling of exceptional conditions in the Nako3edit component, which is part of the Nadeshiko 3 programming language. This allows a remote attacke...

CVSS 7.5 · AI score 7 · EPSS 0.03831
Exploits 0 · References 9
CNNVD
added 2022/12/05 12:00 a.m. · 2 views

nadesiko3 security vulnerability

nadesiko3 is a Japanese programming language by the individual developer kujirahand. A security vulnerability exists in nadesiko3 PC version v3.3.74 and earlier versions, which stems from improper checking or handling of exceptional conditions in the Nako3edit component, and can be exploited by an attacker to injec...

CVSS 7.5 · AI score 6.7 · EPSS 0.03831
Exploits 0 · References 4
Hacker One
added 2019/06/11 4:08 p.m. · 19 views

Node.js third-party modules: [tianma-static] Security issue with XSS.

I would like to report XSS in tianma-static. It allows XSS and HTML Injection. First of all, it is my first report and I am sorry that I am not good at English T.T. Thank you. Module: module name: tianma-static; version: 1.0.4; npm page: https://www.npmjs.com/package/tianma-static. Module Description...

CVSS 4.3 · AI score 6.1 · EPSS 0.00224
Exploits 1
seebug.org
added 2014/07/01 12:00 a.m. · 140 views

Apple iPhone Safari (decodeURIComponent) Remote Crash

No description provided by source.

AI score 7.1
Exploits 0
0day.today
added 2010/12/22 12:00 a.m. · 24 views

Apple iPhone Safari (decodeURIComponent) Remote Crash

Exploit for hardware platform in category dos / poc. Apple iPhone 3 Safari JavaScript - decodeURIComponent Remote Crash. decodeURIComponent('$string'); "; if (file_put_contents("./crash.html", $code)) echo "Point your safari mobile browser to crash.ht...

AI score 7
Exploits 0
exploitpack
added 2010/12/21 12:00 a.m. · 19 views

Apple iOS Safari - decodeURIComponent Remote Crash

Apple iOS Safari - decodeURIComponent Remote Crash. Apple iPhone 3 Safari JavaScript - decodeURIComponent Remote Crash. decodeURIComponent('$string'); "; if (file_put_contents("./crash.html", $code)) echo "Point your safari mobile browser to crash.html.\r\n"; else echo "Cannot create file.\r\n"; ?...

AI score 7.1
Exploits 0
Packet Storm
added 2010/12/21 12:00 a.m. · 32 views

Apple iPhone Safari decodeURIComponent Crash

Apple iPhone 3 Safari JavaScript - decodeURIComponent Remote Crash. decodeURIComponent('$string'); "; if (file_put_contents("./crash.html", $code)) echo "Point your safari mobile browser to crash.html.\r\n"; else echo "Cannot create file.\r\n"; ?...

Exploits 0
Exploit DB
added 2010/12/21 12:00 a.m. · 31 views

Apple iOS Safari - 'decodeURIComponent' Remote Crash

Apple iPhone 3 Safari JavaScript - decodeURIComponent Remote Crash. decodeURIComponent('$string'); "; if (file_put_contents("./crash.html", $code)) echo "Point your safari mobile browser to crash.html.\r\n"; else echo "Cannot create file.\r\n"; ?...

AI score 7.4
Exploits 0