Lucene search
K

5082 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39128

SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content...

9.9CVSS6.1AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-59855

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS0.00305EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59855

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS6AI score0.00305EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-59855

The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...

8.6CVSS6AI score0.00305EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS0.00305EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42449

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago11 views

EUVD-2026-42448

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57012

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...

8.6CVSS6.2AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57008

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description SiYuan uses the Lute engine to render note and package content into HTML. A flaw in the sanitization process occurs because the dangerous javascript scheme block fails to validate the form action and...

8.6CVSS6.1AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00147EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15122

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15122

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.0019EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-15122

CVE-2026-15122 affects Google Chrome on Windows prior to 150.0.7871.115, where insufficient validation of untrusted input in Codecs can allow a renderer process–compromised attacker to attempt a sandbox escape via a crafted HTML page. The CVE is referenced in Chrome’s July 2026 stable update (Win...

8.3CVSS6AI score0.0019EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-15122

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.0019EPSS
Exploits0
Debian CVE
Debian CVE
added 6 days ago7 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00147EPSS
Exploits0
CVE
CVE
added 6 days ago11 views

CVE-2026-15119

CVE-2026-15119 concerns a race condition in Google Chrome’s GetUserMedia that can enable a sandbox escape when an attacker already compromised the renderer process. The vulnerability is associated with Chrome versions prior to 150.0.7871.115, with the 150.0.7871.115 release addressing the issue. ...

8.3CVSS6AI score0.00147EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15120

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00178EPSS
Exploits0References2
CVE
CVE
added 6 days ago19 views

CVE-2026-15120

CVE-2026-15120 affects Google Chrome on Windows (Core). A use-after-free in Core, triggered by a crafted HTML page after renderer compromise, could enable a sandbox escape. Impact is described as high; patch to Chrome 150.0.7871.115 or later (Windows). Exploitation status is not specified in the ...

8.3CVSS6AI score0.00178EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder