Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/04/16 11:14 p.m.5 views

CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

5.3CVSS6.8AI score0.00261EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/16 11:14 p.m.3 views

EUVD-2026-23331

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

9CVSS6.9AI score0.00584EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/04/16 10:54 p.m.5 views

CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...

8.5CVSS5.8AI score0.00287EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/25 12:0 a.m.13 views

WordPress Shortlinks by Pretty Links Plugin <= 3.6.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Shortlinks by Pretty Links Type Plugin Vulnerable versions = 3.6.3 Fixed in 3.6.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2326 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 02d57a965c0b Credits Webbernau...

4.3CVSS7AI score0.0021EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/22 5:15 p.m.34 views

CVE-2019-1010228

OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress file dcrledec.h, line 122. The attack vector is: Many scenarios of DICOM file processing e.g. DICOM to image...

9.8CVSS7.5AI score0.07629EPSS
Exploits1References4
Rows per page
Query Builder