50 matches found
SiYuan Note - Cross-Site Scripting
Unauthenticated reflected cross-site scripting XSS vulnerability in all versions of SiYuan Note containing /api/icon/getDynamicIcon with unsafe type=8 rendering logic. Attacker-controlled content is inserted directly into SVG output without proper sanitization. An attacker can execute arbitrary...
SiYuan Note <= 3.6.5 - Authentication Bypass
SiYuan Note 3.6.5 and prior is vulnerable to authentication bypass. The CheckAuth middleware unconditionally trusted all chrome-extension:// origins, granting RoleAdministrator access without token validation to any request with a spoofed Origin header. Fixed in v3.7.0. id: CVE-2026-54069 info:...
CVE-2026-54068
creationtimestamp| type| source ---|---|--- 2026-07-10 20:35:17+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gcm7-57gf-953c 2026-07-11 04:41:43+00:00| seen| https://gist.github.com/alon710/5b22d6c437eabc82b89ba6fa8ccee27d...
CVE-2026-54069
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...
CVE-2026-54069 SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default empt...
PT-2026-50413
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without authentication. When combined with the...
GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel
SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...
CVE-2026-45148
creationtimestamp| type| source ---|---|--- 2026-05-08 03:05:45+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-fmh9-gpqh-g53g...
CVE-2026-45147
creationtimestamp| type| source ---|---|--- 2026-05-08 02:49:57+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-6r88-8v7q-q4p2...
CVE-2026-44670
creationtimestamp| type| source ---|---|--- 2026-05-04 07:03:18+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-2h64-c999-c9r6...
CVE-2026-41894
creationtimestamp| type| source ---|---|--- 2026-04-19 09:48:52+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872 2026-06-24 23:00:38+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mp2zg2oftg2u...
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains through the permissive CORS policy in the serve.go middleware and the snippet injection process. An attacker can execute arbitrary code and exfiltrate sensitive data by enticing a us...
SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API
Summary SiYuan Note v3.6.0 and likely prior versions contains an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlying SQLite database...
CVE-2026-32751
creationtimestamp| type| source ---|---|--- 2026-03-14 04:26:17+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-qr46-rcv3-4hq3...
CVE-2026-32750
creationtimestamp| type| source ---|---|--- 2026-03-14 04:13:11+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-rjhh-m223-9qqv...
CVE-2026-32747
creationtimestamp| type| source ---|---|--- 2026-03-14 03:14:30+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-h5vh-m7fg-w5h6...
CVE-2026-32110
creationtimestamp| type| source ---|---|--- 2026-03-11 01:11:29+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56cv-c5p2-j2wg...
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...
CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...