6 matches found
CVE-2026-40259 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...
EUVD-2025-31047
Malicious code in bioql PyPI...
CVE-2025-57352
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects,...
CVE-2025-57352
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects,...
PT-2025-39316
Name of the Vulnerable Software and Affected Versions: min-document versions prior to 2.19.0. Description: A flaw exists in the 'min-document' package due to improper handling of namespace operations within the removeAttributeNS function. An attacker can exploit this by manipulating the prototype...
Samba Security Vulnerability
Samba is a standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba that stems from the lack of an access check on dnsHostName. An attacker could exploit the vulnerability to remove the attribute...