18 matches found
SiYuan has incomplete fix for CVE-2026-33066: XSS
Summary The incomplete fix for SiYuan's bazaar README rendering enables the Lute HTML sanitizer but fails to block tags, allowing stored XSS via srcdoc attributes containing embedded scripts that execute in the Electron context. Affected Package - Ecosystem: Go - Package:...
CVE-2026-25647
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-25647
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-25647
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
CVE-2026-25647
Lute
EUVD-2026-5622
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...
Lute Cross-Site Scripting Vulnerability
Lute is a structured Markdown engine developed by D individual. Versions of Lute 1.7.6 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown rendering engine’s storage-based cross-site scripting feature, which could allow malicious JavaScript to be...
PT-2026-6776
Name of the Vulnerable Software and Affected Versions Lute versions prior to 1.7.7 Description Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting (XSS) issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...
MAL-2025-125341 Malicious code in chosen_zebra_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12bb763918f935f0433bbbf3edbaeefbac0b900500670149873cb044ea80c4c4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2019-6706
Malware in sbrugna...
CVE-2019-15783
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc...
Lute-Tab Buffer Overflow Vulnerability
Lute-Tab is a utility program for editing sound scores. A buffer overflow vulnerability exists in Lute-Tab. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write operations bein...
CVE-2019-15783
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc...
CVE-2019-15783
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc...
CVE-2019-15783
CVE-2019-15783 affects Lute-Tab and is linked to a buffer overflow in pdf_print.cc that was present before 2019-08-23. Multiple connected sources corroborate this issue across CVE databases (NVD, Red Hat, CNVD, CVE lists). The NVD entry lists a CVSS 3.0 base score of 9.8 (CRITICAL) with remote ne...
CVE-2019-15783
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc...