CVE-2026-44670

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

CVE-2019-4001

Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code...

Druva 注入漏洞

Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 that stems from a URL injection vulnerability in the inSync...

Arbitrary Code Execution

Overview mosc is an a simple inline object model builder for NodeJS A small port exists for client-side javascript. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code executio...