Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/06/24 9:15 p.m.18 views

CVE-2026-54068 SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51455

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.6.0 Description Actual is a local-first personal finance tool that fails to neutralize formula-trigger characters when exporting data to CSV. The functions exportToCSV and exportQueryToCSV in...

4.2CVSS6.7AI score0.00286EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:10 p.m.4 views

CVE-2026-32704

SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Thi...

6.5CVSS6.1AI score0.00246EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25805

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00193EPSS
Exploits1References2
OSV
OSV
added 2025/08/26 3:15 p.m.3 views

CVE-2025-52035

A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 dated...

6.1CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2025/08/26 3:15 p.m.6 views

CVE-2025-52037

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of...

6.1CVSS0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 12:0 a.m.6 views

CVE-2025-52036

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as o...

5.8AI score0.00193EPSS
Exploits1References2
CVE
CVE
added 2025/08/26 12:0 a.m.20 views

CVE-2025-52036

NotesCMS contains a stored XSS vulnerability (CWE-79) on the /index.php?route=categories page. The issue arises from manipulation of the service descriptions title in the source code, present as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (2024-05-08) and fixed in commit 95322c5121dbd7070f...

6.1CVSS5.9AI score0.00193EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/26 12:0 a.m.2 views

CVE-2025-52035

A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 dated...

5.8AI score0.00193EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:15 p.m.10 views

CVE-2021-1859

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked...

7.8CVSS6.2AI score0.01411EPSS
Exploits0References1
CVE
CVE
added 2024/04/24 4:43 p.m.76 views

CVE-2024-23228

Apple iOS 17.3 and iPadOS 17.3 fix a vulnerability in the Notes component where Locked Notes content may have been unexpectedly unlocked due to state-management issues. Affected products are iPhone and iPad models supporting iOS/iPadOS 17.3. Root cause: improved state management within Notes. Imp...

4.3CVSS6AI score0.00347EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder