Lucene search
K

65 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.6 views

CVE-2026-39846

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

9CVSS6.3AI score0.00538EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 5:17 p.m.31 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

6CVSS0.00105EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.9 views

EUVD-2026-32237

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmapops-blockssynced is checked in handlestripedirtying. However, later the same check is...

5.8AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.42 views

CVE-2026-45953 md/raid5: fix IO hang with degraded array with llbitmap

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmapops-blockssynced is checked in handlestripedirtying. However, later the same check is...

0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-41204

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.9.5 Description Insecure sync encryption occurs due to the use of deterministic AES-192-CBC with a fixed zero IV Initialization Vector, a constant KDF Key Derivation Function salt, and the absence of a MAC Message...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/11 1:22 a.m.5 views

CVE-2026-39901

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 10:16 p.m.4 views

CVE-2026-39901

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 9:2 p.m.8 views

CVE-2026-39901

Summary: CVE-2026-39901 affects the monetr budgeting app. Before version 1.12.3, an authenticated tenant user can use the transaction update (PUT) endpoint to soft-delete synced non-manual transactions, bypassing the intended protection that blocks deletion via the normal DELETE path. This is a s...

5.7CVSS5.9AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 9:2 p.m.2 views

CVE-2026-39901 monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 9:2 p.m.17 views

CVE-2026-39901 monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...

5.7CVSS0.00292EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 7:23 p.m.6 views

monetr: Protected Transactions Deletable via PUT

Summary A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intende...

5.7CVSS6AI score0.00292EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 7:23 p.m.2 views

GHSA-HQXQ-HWQF-WG83 monetr: Protected Transactions Deletable via PUT

Summary A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intende...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/08 3:3 p.m.6 views

SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

Summary A malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer ru...

9CVSS6.5AI score0.00538EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31460

Name of the Vulnerable Software and Affected Versions monetr versions prior to 1.12.3 Description A transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/07 9:34 p.m.16 views

CVE-2026-39846 SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

9CVSS0.00538EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 9:34 p.m.2 views

CVE-2026-39846 SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

9CVSS6.5AI score0.00538EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 9:34 p.m.12 views

CVE-2026-39846

CVE-2026-39846 – SiYuan Electron desktop client is affected prior to 3.6.4. A crafted note with table caption content that is stored without safe escaping can be unescaped in rendered HTML, creating a stored XSS sink. Since the desktop renderer runs with nodeIntegration enabled and contextIsolati...

9CVSS6.5AI score0.00538EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-31031

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description SiYuan is susceptible to remote code execution RCE via a stored cross-site scripting XSS vulnerability in table captions. The issue arises because table caption content is stored without proper escapi...

9CVSS6.5AI score0.00538EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/03/26 6:55 p.m.24 views

CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...

6.9CVSS0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28380

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query synced folder action in...

6.9CVSS5.9AI score0.00303EPSS
Exploits0References4
Rows per page
Query Builder