386 matches found
GHSA-4663-4MPG-879V SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
PT-2026-26188
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier SiYuan versions 3.5.9 and earlier Description SiYuan is a personal knowledge management system. The backend 'renderREADME' function uses 'lute.New' without calling 'SetSanitizetrue', allowing raw HTML embedded...
GHSA-V3MG-9V85-FCM7 SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Remote Code Execution via Malicious Bazaar Package — Marketplace XSS Summary SiYuan's Bazaar community marketplace renders plugin/theme/template metadata and README content without sanitization. A malicious package author can achieve RCE on any user who browses the Bazaar by: 1. Package metadata...
SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS
Remote Code Execution via Malicious Bazaar Package — Marketplace XSS Summary SiYuan's Bazaar community marketplace renders plugin/theme/template metadata and README content without sanitization. A malicious package author can achieve RCE on any user who browses the Bazaar by: 1. Package metadata...
PT-2026-33376
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.1 through 3.6.3 Description An issue exists in the bazaar README rendering where the Lute HTML sanitizer fails to block iframe tags and does not effectively filter srcdoc attributes containing raw HTML. A malicious bazaar...
MAL-2026-907 Malicious code in tronpad (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6002c93fa065aaf9656b42830fd923134eb1d298d2c07b0d61865395577771c9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Malicious code in troncloud (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8c123c7a348b5856fcedbadf1312d14b224c100c7138bfeeb3eff610fbf9dc12 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...
Security update for cargo-auditable
This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: Update to version 0.7.20: mention cargo-dist...
SUSE-SU-2026:20173-1 Security update for ucode-amd
This update for ucode-amd fixes the following issues: Changes in ucode-amd: - Update to version 20251203 git commit a0f0e52138e5: linux-firmware: Update amd-ucode copyright information linux-firmware: Update AMD cpu microcode - Update to version 20251113 git commit fb0dbcd30118: linux-firmware:...
SUSE-SU-2026:20203-1 Security update for ucode-amd
This update for ucode-amd fixes the following issues: Changes in ucode-amd: - Update to version 20251203 git commit a0f0e52138e5: linux-firmware: Update amd-ucode copyright information linux-firmware: Update AMD cpu microcode - Update to version 20251113 git commit fb0dbcd30118: linux-firmware:...
CVE-2026-23525
1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...
CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting
1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...
CVE-2026-23525
CVE-2026-23525 affects 1Panel, a web-based Linux server management panel. The stored XSS vulnerability originates from insufficient sanitization in the MdEditor component (previewOnly) used to render App Store and related content, allowing malicious scripts to run in the user’s browser and potent...
Exploit for CVE-2026-23550
CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...
CVE-2025-23643
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in a.ankit ReadMe Creator readme-creator allows Reflected XSS.This issue affects ReadMe Creator: from n/a through = 1.0...
[SECURITY] Fedora 42 Update: retroarch-1.22.0-1.fc42
libretro is an API that exposes generic audio/video/input callbacks. A fronte nd for libretro such as RetroArch handles video output, audio output, input and application lifecycle. A libretro core written in portable C or C++ can run seamlessly on many platforms with very little to no porting...
openSUSE 16 Security Update : mariadb (openSUSE-SU-2025:20175-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:20175-1 advisory. - Update to 11.8.5: CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability bsc1254313 Other fixes: - Add %license tags to license...
SUSE SLES15: libmariadbd-devel / libmariadbd19 / mariadb / mariadb-bench / etc (SUSE-SU-2025:4502-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4502-1 advisory. - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution bsc1254313 Other...
OPENSUSE-SU-2025:20175-1 Security update for mariadb
This update for mariadb fixes the following issues: - Update to 11.8.5: CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability bsc1254313 Other fixes: - Add %license tags to license files bsc1252162 - Add INSTALLDOCREADMEDIR cmake flag to install readme and license files -...