6 matches found

OSV
added 2026/04/14 11:12 p.m. · 3 views

GHSA-8Q5W-MMXF-48JG SiYuan has incomplete fix for CVE-2026-33066: XSS

Summary: The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...

CVSS 5.4 · AI score 7 · EPSS 0.00584
Exploits: 2 · References: 7

Positive Technologies
added 2026/03/14 12:0 a.m. · 6 views

PT-2026-33376

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.1 through 3.6.3. Description: An issue exists in the bazaar README rendering where the Lute HTML sanitizer fails to block iframe tags and does not effectively filter srcdoc attributes containing raw HTML. A malicious bazaar...

CVSS 5.5 · AI score 6.5 · EPSS 0.00261
Exploits: 1 · References: 11

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-4290

Malware in sbrugna...

CVSS 5 · AI score 7.9 · EPSS 0.01866
Exploits: 0 · References: 9

SUSE CVE
added 2023/02/15 4:55 a.m. · 3 views

SUSE CVE-2016-9650

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page...

CVSS 4.3 · AI score 8.6 · EPSS 0.01081
Exploits: 0 · References: 5

Positive Technologies
added 2021/03/26 12:0 a.m. · 4 views

PT-2021-15590 · Mcafee · Mcafee Epolicy Orchestrator

Name of the Vulnerable Software and Affected Versions: McAfee ePolicy Orchestrator versions prior to 5.10 Update 10 Description: The issue is related to an unvalidated client-side URL redirect, which could allow an authenticated user to load an untrusted site in an ePO iframe, potentially leading...

CVSS 6.3 · AI score 6 · EPSS 0.00601
Exploits: 0 · References: 15

OSV
added 2021/02/03 8:15 p.m. · 5 views

CVE-2020-9390

SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...

CVSS 5.4 · AI score 6.1 · EPSS 0.00873
Exploits: 0 · References: 3