Lucene search
K

36 matches found

NVD
NVD
added 2026/06/24 10:16 p.m.10 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:15 p.m.7 views

CVE-2026-54068

SiYuan before 3.7.0: unauthenticated access to /api/icon/getDynamicIcon where type=8 with a valid block id runs Go templates that execute arbitrary SQL (RenderDynamicIconContentTemplate), enabling an attacker to exfiltrate extensive SQLite data (notes, tags, asset refs, block attributes). The roo...

5.9CVSS6AI score0.00239EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/15 11:11 a.m.14 views

Cross-Site Scripting (XSS)

github.com/siyuan-note/siyuan is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to incomplete SVG sanitization and improper handling of user-controlled input in the /api/icon/getDynamicIcon endpoint, which allows an attacker to inject malicious SVG content and execute JavaScript...

9.3CVSS6.4AI score0.00302EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/03/31 10:16 p.m.10 views

CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS0.00469EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:50 p.m.1 views

CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS5.7AI score0.00469EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29401

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 through 3.6.1 Description: SiYuan is a personal knowledge management system. The SanitizeSVG function, introduced in version 3.6.0 to address XSS in the unauthenticated /api/icon/getDynamicIcon endpoint, can be bypassed ...

8.6CVSS5.9AI score0.00469EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.4 views

SUSE CVE-2026-32940

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist - it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS5.8AI score0.00302EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.5 views

CVE-2026-31809

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

9.3CVSS5.8AI score0.00625EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.4 views

CVE-2026-32940

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS5.7AI score0.00302EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-29183

SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoi...

9.3CVSS5.7AI score0.00625EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.4 views

SUSE CVE-2026-31809

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

6.4CVSS5.9AI score0.00505EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 4:16 a.m.4 views

CVE-2026-32940

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS0.00302EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:33 a.m.4 views

CVE-2026-32940

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS5.7AI score0.00302EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.6 views

PT-2026-26178

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier Description SiYuan, a personal knowledge management system, has an incomplete blocklist in its SanitizeSVG function. The function blocks 'data:text/html' and 'data:image/svg+xml' in 'href' attributes but fails...

9.3CVSS5.9AI score0.00302EPSS
Exploits1References13
EUVD
EUVD
added 2026/03/10 11:57 p.m.7 views

EUVD-2026-10897

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 11:57 p.m.5 views

EUVD-2026-10896

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 11:57 p.m.2 views

GHSA-PMC9-F5QR-2PCR SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/10 11:57 p.m.7 views

SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/10 11:49 p.m.5 views

EUVD-2026-10892

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 11:49 p.m.3 views

EUVD-2026-10893

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
Rows per page
Query Builder