Lucene search

29 matches found

CVE
added 2026/05/26 6:23 p.m. | 11 views

CVE-2026-8890

The CVE-2026-8890 entry affects code100x Mobile API. The vulnerability is an authentication bypass in the Mobile API’s middleware.ts: when an Auth-Key header is present but not validated, an attacker can inject a crafted JSON payload in the g header, spoofing a user identity that downstream handl...

8.8 CVSS | 5.9 AI score | 0.00096 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/05/26 6:23 p.m. | 25 views

CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8 CVSS | 0.00096 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/05/26 6:23 p.m. | 4 views

EUVD-2026-31953

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key header is...

8.8 CVSS | 5.9 AI score | 0.00096 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/04/13 12:00 a.m. | 2 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. There are security...

7.5 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits: 0 | References: 1
OSV
added 2026/03/26 8:32 p.m. | 1 views

GO-2026-4706 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface in github.com/siyuan-note/siyuan/kernel

SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface in github.com/siyuan-note/siyuan/kernel...

9 CVSS | 6 AI score | 0.00088 EPSS
Exploits: 1 | References: 4
CVE
added 2026/03/19 9:11 p.m. | 8 views

CVE-2026-32751

SiYuan vulnerability CVE-2026-32751 affects versions 3.6.0 and earlier where the mobile file tree (MobileFiles.ts) renders notebook names with innerHTML without escaping during renamenotebook WebSocket events. This allows an authenticated user who can rename notebooks to inject HTML/JavaScript th...

9 CVSS | 6.2 AI score | 0.00088 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/19 9:11 p.m. | 2 views

CVE-2026-32751 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

5.1 CVSS | 6.1 AI score | 0.00088 EPSS
Exploits: 1 | References: 3
Cvelist
added 2026/03/19 9:11 p.m. | 18 views

CVE-2026-32751 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

5.1 CVSS | 0.00088 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/19 9:11 p.m. | 2 views

CVE-2026-32751 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

5.1 CVSS | 6.7 AI score | 0.00088 EPSS
Exploits: 1 | References: 5
OSV
added 2026/03/16 6:47 p.m. | 2 views

GHSA-QR46-RCV3-4HQ3 SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface. Summary: SiYuan's mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

5.1 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/16 6:47 p.m. | 5 views

SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface

Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface. Summary: SiYuan's mobile file tree MobileFiles.ts renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version Files.ts properly uses escapeHtml for the same...

9 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/16 12:00 a.m. | 1 views

PT-2026-25826

Name of the Vulnerable Software and Affected Versions: SiYuan versions 3.6.0 and below; SiYuan versions prior to 3.6.1. Description: SiYuan is a personal knowledge management system. The mobile file tree component MobileFiles.ts renders notebook names using innerHTML without proper HTML escaping when...

9 CVSS | 6 AI score | 0.00088 EPSS
Exploits: 1 | References: 9
CNNVD
added 2026/03/05 12:00 a.m. | 3 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. A privilege bypass vulnerability exists in the Huawei EMUI and Huawei HarmonyOS system service framework, which c...

7.3 CVSS | 5.8 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 11:24 a.m. | 2 views

CVE-2021-31934

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object payload in the position or company field that is mishandled in the App Suite UI on a smartphone...

6.1 CVSS | 6 AI score | 0.00174 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/12/19 12:00 a.m. | 1 views

Mitsubishi Electric Multiple Products OS Command Injection Vulnerability

Mitsubishi Electric MC Works64 and others are products of Mitsubishi Electric, Japan. Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system. Mitsubishi...

8.2 CVSS | 7.3 AI score | 0.00019 EPSS
Exploits: 0 | References: 3
CNVD
added 2025/08/18 12:00 a.m. | 1 views

Tigo Energy Cloud Connect Advanced Command Injection Vulnerability

The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...

8.7 CVSS | 7.8 AI score | 0.06647 EPSS
Exploits: 2 | References: 1
GithubExploit
added 2025/08/07 3:48 a.m. | 95 views

Exploit for CVE-2025-7769

CVE-2025-7769 – Remote Command Injection in mobileapi Des...

8.7 CVSS | 10 AI score | 0.06647 EPSS
Exploits: 2
CNNVD
added 2025/08/06 12:00 a.m. | 1 views

Tigo Energy Cloud Connect Advanced Command Injection Vulnerability

The Tigo Energy Cloud Connect Advanced is a compact data logger from Tigo Energy USA. Tigo Energy Cloud Connect Advanced suffers from a command injection vulnerability due to a flaw in the /cgi-bin/mobileapi endpoint when the DEVICEPING command is invoked. An attacker could exploit the...

8.7 CVSS | 8.1 AI score | 0.06647 EPSS
Exploits: 2 | References: 2
CNNVD
added 2024/05/14 12:00 a.m. | 3 views

Huawei HarmonyOS Security Vulnerability

Huawei EMUI and Huawei HarmonyOS are both products of Huawei. Huawei EMUI is a mobile operating system based on Android, and Huawei HarmonyOS is a distributed operating system developed by Huawei for all scenarios, aiming at realizing intelligent interconnection and resource sharing among people, devices, an...

4.1 CVSS | 6.6 AI score | 0.00019 EPSS
Exploits: 0 | References: 3
CNVD
added 2021/05/27 12:00 a.m. | 5 views

Unauthorized Access Vulnerability in Vivo Mobile Interface

The business scope of Guangdong Tianchen Network Technology Co., Ltd. includes: technical development and sales of computer software and hardware; technical development and sales of Internet and mobile Internet software products; design of mobile communication equipment and software, etc. There i...

6.9 AI score
Exploits: 0