Lucene search
+L

386 matches found

OSV
OSV
added 2026/03/18 4:9 p.m.4 views

GHSA-4663-4MPG-879V SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...

5.3CVSS6.2AI score0.00584EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.10 views

SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...

9CVSS6.2AI score0.00584EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.9 views

PT-2026-26188

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier SiYuan versions 3.5.9 and earlier Description SiYuan is a personal knowledge management system. The backend 'renderREADME' function uses 'lute.New' without calling 'SetSanitizetrue', allowing raw HTML embedded...

9CVSS6.7AI score0.00584EPSS
Exploits1References156
OSV
OSV
added 2026/03/16 8:43 p.m.8 views

GHSA-V3MG-9V85-FCM7 SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS

Remote Code Execution via Malicious Bazaar Package — Marketplace XSS Summary SiYuan's Bazaar community marketplace renders plugin/theme/template metadata and README content without sanitization. A malicious package author can achieve RCE on any user who browses the Bazaar by: 1. Package metadata...

5.3CVSS6.6AI score0.00391EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/16 8:43 p.m.10 views

SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS

Remote Code Execution via Malicious Bazaar Package — Marketplace XSS Summary SiYuan's Bazaar community marketplace renders plugin/theme/template metadata and README content without sanitization. A malicious package author can achieve RCE on any user who browses the Bazaar by: 1. Package metadata...

6.6AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/14 12:0 a.m.9 views

PT-2026-33376

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.1 through 3.6.3 Description An issue exists in the bazaar README rendering where the Lute HTML sanitizer fails to block iframe tags and does not effectively filter srcdoc attributes containing raw HTML. A malicious bazaar...

5.5CVSS6.5AI score0.00261EPSS
Exploits1References11
OSV
OSV
added 2026/02/15 3:24 p.m.3 views

MAL-2026-907 Malicious code in tronpad (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6002c93fa065aaf9656b42830fd923134eb1d298d2c07b0d61865395577771c9 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/13 5:22 p.m.8 views

Malicious code in troncloud (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c123c7a348b5856fcedbadf1312d14b224c100c7138bfeeb3eff610fbf9dc12 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

5.5AI score
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/02/13 2:32 p.m.6 views

Security update for cargo-auditable

This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: Update to version 0.7.20: mention cargo-dist...

8.7CVSS5.8AI score0.00291EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 4:1 p.m.3 views

SUSE-SU-2026:20173-1 Security update for ucode-amd

This update for ucode-amd fixes the following issues: Changes in ucode-amd: - Update to version 20251203 git commit a0f0e52138e5: linux-firmware: Update amd-ucode copyright information linux-firmware: Update AMD cpu microcode - Update to version 20251113 git commit fb0dbcd30118: linux-firmware:...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/01/28 4:1 p.m.3 views

SUSE-SU-2026:20203-1 Security update for ucode-amd

This update for ucode-amd fixes the following issues: Changes in ucode-amd: - Update to version 20251203 git commit a0f0e52138e5: linux-firmware: Update amd-ucode copyright information linux-firmware: Update AMD cpu microcode - Update to version 20251113 git commit fb0dbcd30118: linux-firmware:...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/01/18 11:15 p.m.8 views

CVE-2026-23525

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

8.4CVSS0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/18 10:10 p.m.21 views

CVE-2026-23525 1panel App Store vulnerable to Cross-site Scripting

1Panel is an open-source, web-based control panel for Linux server management. A stored Cross-Site Scripting XSS vulnerability exists in the 1Panel App Store when viewing application details. Malicious scripts can execute in the context of the user’s browser, potentially compromising session data...

6.4CVSS0.00306EPSS
Exploits0References1
CVE
CVE
added 2026/01/18 10:10 p.m.28 views

CVE-2026-23525

CVE-2026-23525 affects 1Panel, a web-based Linux server management panel. The stored XSS vulnerability originates from insufficient sanitization in the MdEditor component (previewOnly) used to render App Store and related content, allowing malicious scripts to run in the user’s browser and potent...

8.4CVSS5.6AI score0.00306EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/01/15 5:23 p.m.345 views

Exploit for CVE-2026-23550

CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...

10CVSS7AI score0.20631EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.12 views

CVE-2025-23643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in a.ankit ReadMe Creator readme-creator allows Reflected XSS.This issue affects ReadMe Creator: from n/a through = 1.0...

7.1CVSS7.2AI score0.00357EPSS
Exploits0References1
Fedora
Fedora
added 2025/12/25 1:8 a.m.11 views

[SECURITY] Fedora 42 Update: retroarch-1.22.0-1.fc42

libretro is an API that exposes generic audio/video/input callbacks. A fronte nd for libretro such as RetroArch handles video output, audio output, input and application lifecycle. A libretro core written in portable C or C++ can run seamlessly on many platforms with very little to no porting...

7.8CVSS6.9AI score0.27357EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2025/12/24 12:0 a.m.4 views

openSUSE 16 Security Update : mariadb (openSUSE-SU-2025:20175-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025:20175-1 advisory. - Update to 11.8.5: CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability bsc1254313 Other fixes: - Add %license tags to license...

7CVSS7.1AI score0.00414EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/23 12:0 a.m.13 views

SUSE SLES15: libmariadbd-devel / libmariadbd19 / mariadb / mariadb-bench / etc (SUSE-SU-2025:4502-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4502-1 advisory. - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution bsc1254313 Other...

7CVSS7.2AI score0.00414EPSS
Exploits0References5
OSV
OSV
added 2025/12/22 11:44 a.m.4 views

OPENSUSE-SU-2025:20175-1 Security update for mariadb

This update for mariadb fixes the following issues: - Update to 11.8.5: CVE-2025-13699: Fixed Directory Traversal Remote Code Execution Vulnerability bsc1254313 Other fixes: - Add %license tags to license files bsc1252162 - Add INSTALLDOCREADMEDIR cmake flag to install readme and license files -...

7CVSS5.8AI score0.00414EPSS
Exploits0References5
Rows per page
Query Builder