Lucene search
K

17 matches found

Nuclei
Nuclei
added 12 hours ago155 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

8.6CVSS6.3AI score0.00469EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 7:16 p.m.23 views

CVE-2026-44588

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The...

9.4CVSS0.00509EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 9:50 p.m.25 views

CVE-2026-34605

SiYuan 3.6.0–3.6.1 suffer a bypass of the SanitizeSVG XSS fix on the unauthenticated /api/icon/getDynamicIcon endpoint. The Go HTML5 parser records namespace-prefixed SVG tags as x:script, allowing the tag to bypass the numeric sprite check; when served as image/svg+xml without a CSP, the browser...

8.6CVSS5.7AI score0.00469EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 9:44 p.m.24 views

CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

9CVSS0.00489EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29377

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description A security flaw exists in SiYuan that allows a malicious website to achieve Remote Code Execution RCE on a desktop system running the application. This is possible due to a permissive CORS policy...

9.6CVSS6.3AI score0.00499EPSS
Exploits1References15
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.4 views

SUSE CVE-2026-32938

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...

9.9CVSS5.8AI score0.00414EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.5 views

CVE-2026-33670

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS5.8AI score0.0066EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 9:15 p.m.5 views

CVE-2026-33670 SiYuan has directory traversal within its publishing service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS6.3AI score0.0066EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.11 views

SUSE CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.9AI score0.00445EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.6 views

SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata

Stored XSS to RCE via Unsanitized Bazaar Package Metadata Summary SiYuan's Bazaar community marketplace renders package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which...

9CVSS6.5AI score0.00549EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25859

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, contains an authorization bypass that allows authenticated users, including those with the Reader role, to execute arbitrary SQL statements against the...

9.8CVSS6.2AI score0.00541EPSS
Exploits1References12
EUVD
EUVD
added 2026/03/09 9:7 p.m.6 views

EUVD-2026-10394

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

7.1CVSS5.8AI score0.00311EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/query/sql interface, which only checked basic authentication, potentially allowing arbitrary SQL...

8.8CVSS7.4AI score0.00323EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/06 7:3 p.m.26 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

4.6CVSS0.00204EPSS
Exploits1References2
OSV
OSV
added 2026/01/19 8:0 p.m.6 views

CVE-2026-23852 SiYuan vulnerable to Stored XSS / RCE via `setBlockAttrs` icon attribute

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting XSS vulnerability that allows an attacker to inject arbitrary HTML attributes into the icon attribute of a block via the /api/attr/setBlockAttrs API. The payload is later rendered in the...

6.5CVSS6.6AI score0.00679EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/19 7:52 p.m.5 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

8.8CVSS5.5AI score0.00522EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.5 views

CVE-2025-67488

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...

7.8CVSS7.7AI score0.00374EPSS
Exploits1References1
Rows per page
Query Builder