5 matches found

Cvelist
added 2026/01/19 8:0 p.m., 11 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the...

CVSS 6.5, EPSS 0.00272
Exploits: 1, References: 2
CVE
added 2026/01/19 8:0 p.m., 7 views

CVE-2026-23852

SiYuan up to version 3.5.4 is vulnerable to a stored XSS via the icon attribute in blocks created through the /api/attr/setBlockAttrs API. The payload is rendered unsanitized within the dynamic icon feature, enabling stored XSS and, on desktop, potential RCE. The issue bypassed a prior fix for is...

CVSS 9.6, AI score 6.6, EPSS 0.00272
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2026/01/19 8:0 p.m., 1 views

CVE-2026-23852

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the...

CVSS 9.6, AI score 6.5, EPSS 0.00272
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/01/19 8:0 p.m., 1 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the...

CVSS 6.5, AI score 6.6, EPSS 0.00272
Exploits: 1, References: 2
CNNVD
added 2026/01/19 12:0 a.m., 0 views

SiYuan code injection vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4 contained a code injection vulnerability. This vulnerability stemmed from the `/api/attr/setBlockAttrs` API, which allowed attackers to inject arbitrary HTML attributes into the...

CVSS 9.6, AI score 6.1, EPSS 0.00272
Exploits: 1, References: 3