Lucene search
K

2084 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/18 12:0 a.m.8 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.15 views

PT-2026-41672

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.41 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

0.00318EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.9 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 12:0 a.m.16 views

CVE-2026-26462

CVE-2026-26462 affects Offline Hospital Management System 5.3.0. The root cause is an improper Electron renderer configuration that enables Node.js integration while disabling context isolation, allowing JavaScript in the renderer to access Node.js APIs and execute arbitrary operating system comm...

7.3CVSS6.6AI score0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/18 12:0 a.m.13 views

EUVD-2026-30773

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:5 a.m.19 views

Use After Free

Electron is vulnerable to Use After Free. The vulnerability is due to improper handling of child windows in offscreen rendering mode after the parent WebContents is destroyed, which allows an attacker to trigger memory corruption or application crashes through crafted child window interactions...

8.1CVSS5.8AI score0.00444EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.8 views

CVE-2026-44588

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.21 views

CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS0.00509EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.23 views

CVE-2026-44588

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS0.00509EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.19 views

CVE-2026-44586

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:25 p.m.9 views

CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:25 p.m.44 views

CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS0.00509EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:25 p.m.25 views

CVE-2026-44670

SiYuan CVE-2026-44670 describes a stored XSS that escalates to Electron renderer RCE due to HTML injection of AV (Attribute View) names. Before 3.7.0, AV names were stored without escaping and inserted into HTML in three code paths (render.ts outerHTML, Title.ts innerHTML, transaction.ts innerHTM...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:23 p.m.45 views

CVE-2026-44588 SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS0.00509EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:23 p.m.9 views

EUVD-2026-30359

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS6.1AI score0.00509EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:11 p.m.11 views

EUVD-2026-30354

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS6AI score0.00307EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:11 p.m.19 views

CVE-2026-44586

SiYuan (desktop) Bazaar marketplace before 3.7.0 renders package author metadata into HTML without escaping, enabling stored XSS. Because Electron windows are created with nodeIntegration: true and contextIsolation: false, a successful payload could access Node.js APIs and run code on the host. A...

8.3CVSS6AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:11 p.m.6 views

CVE-2026-44586 SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code execution

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS6AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:11 p.m.32 views

CVE-2026-44586 SiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code execution

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS0.00307EPSS
Exploits0References1
Rows per page
Query Builder