Lucene search
K

25 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39128

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content...

9.9CVSS6.1AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.18 views

CVE-2026-54759 SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:21 p.m.11 views

CVE-2026-54759

SiYuan’s Lute HTML sanitizer (prior to version 3.7.0) fails to remove elements. When combined with the SiYuan Electron client’s permissive security configuration, a malicious in a Bazaar package README can trigger arbitrary command execution on the victim’s machine when package details are view...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:20 p.m.7 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.7 views

CVE-2026-39846

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

9CVSS6.3AI score0.00538EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 5:53 p.m.38 views

CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS0.00168EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 5:53 p.m.9 views

CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.8 views

CVE-2026-34448

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS6.1AI score0.00489EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.6 views

CVE-2026-34585

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...

8.6CVSS6.3AI score0.00343EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34585

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...

8.6CVSS0.00343EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 10:16 p.m.6 views

CVE-2026-34448

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS0.00489EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:47 p.m.5 views

CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...

8.6CVSS6.4AI score0.00343EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 9:47 p.m.28 views

CVE-2026-34585 SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution

SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document,...

8.6CVSS0.00343EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:47 p.m.13 views

CVE-2026-34585

SiYuan prior to version 3.6.2 is affected. A crafted IAL value inside a .sy document packaged as a .sy.zip can bypass server-side attribute escaping during Import, causing an HTML context break and stored XSS. In the Electron desktop client, this XSS can execute JavaScript with Node/Electron priv...

8.6CVSS6.4AI score0.00343EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/31 9:44 p.m.14 views

CVE-2026-34448

SiYuan prior to 3.6.2 is affected by a stored XSS in the Attribute View Gallery/Kanban rendering: placing a malicious URL in an Asset Field can be injected into an tag without escaping, with the Electron desktop client executing injected code due to nodeIntegration enabled and contextIsolation d...

9CVSS6.1AI score0.00489EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/31 9:44 p.m.12 views

EUVD-2026-17675

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS6.1AI score0.00489EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

SiYuan 代码注入漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.6.2 contained a code injection vulnerability. This vulnerability stemmed from the possibility that custom block attribute values could bypass server-side attribute escaping,...

8.6CVSS6AI score0.00343EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18619

Malware in sbrugna...

7.8CVSS7.6AI score0.0074EPSS
Exploits1References3
NVD
NVD
added 2020/11/19 9:15 p.m.21 views

CVE-2020-25989

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges...

7.8CVSS8AI score0.0074EPSS
Exploits1References2
Rows per page
Query Builder