Lucene search
K

13 matches found

Nuclei
Nuclei
added 19 hours ago11 views

SiYuan <= v3.6.1 - Bookmark Data Disclosure

SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents, exploit requires access to the publish service. id:...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 12:13 a.m.265 views

CVE-2026-32767

SiYuan (personal knowledge management) versions 3.6.0 and earlier are affected by an authorization bypass in the /api/search/fullTextSearchBlock endpoint. When the method parameter is 2, user input is passed directly as a raw SQL statement to the SQLite database without authorization or read‑only...

9.8CVSS6.1AI score0.00541EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 9:39 p.m.2 views

CVE-2026-32815 SiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the WebSocket endpoint /ws allows unauthenticated connections when specific URL parameters are provided ?app=siyuan&id=auth&type=auth. This bypass, intended for the login page to keep the kernel alive, allows any...

5.3CVSS5.8AI score0.00361EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51983

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00495EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-27638

Malicious code in bioql PyPI...

9.6CVSS6.6AI score0.0073EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-51985

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00551EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/12/11 10:53 p.m.13 views

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

8.7CVSS6.2AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2024/11/29 8:15 p.m.7 views

CVE-2024-53507

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems...

9.8CVSS7.9AI score
Exploits0References2
OSV
OSV
added 2024/11/29 8:15 p.m.7 views

CVE-2024-53505

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent...

9.8CVSS8AI score
Exploits0References2
NVD
NVD
added 2024/04/04 2:15 a.m.16 views

CVE-2024-2692

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS...

9CVSS9.5AI score0.0073EPSS
Exploits1References2
OSV
OSV
added 2024/04/04 2:15 a.m.6 views

CVE-2024-2692

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS...

9CVSS9.2AI score
Exploits0References2
CVE
CVE
added 2024/04/04 1:26 a.m.64 views

CVE-2024-2692

CVE-2024-2692 affects SiYuan version 3.0.3, with a Server-Side XSS weakness that allows an attacker to execute arbitrary commands on the server. The vulnerability is described across multiple sources as enabling remote command execution due to improper handling of input leading to server-side cod...

9CVSS9.3AI score0.0073EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.4 views

PT-2024-21583 · Siyuan · Siyuan

Name of the Vulnerable Software and Affected Versions: SiYuan version 3.0.3 Description: The issue allows executing arbitrary commands on the server due to the application being vulnerable to Server Side XSS. Recommendations: For SiYuan version 3.0.3, update to a version that fixes the Server Sid...

9CVSS6.4AI score0.0073EPSS
Exploits1References8
Rows per page
Query Builder