Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 12:13 a.m.3 views

CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8CVSS6.1AI score0.00541EPSS
Exploits1References4
CVE
CVE
added 2026/03/19 9:15 p.m.18 views

CVE-2026-32750

CVE-2026-32750 (SiYuan) affects SiYuan versions 3.6.0 and earlier. The vulnerability occurs in POST /api/import/importStdMd, where the localPath parameter is passed directly to model.ImportFromLocalPath without path validation. The function recursively reads every file under the provided path and...

6.8CVSS5.8AI score0.00431EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/11/02 3:15 p.m.30 views

CVE-2023-46725

FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to an...

8.1CVSS8AI score0.00452EPSS
Exploits0References4
Prion
Prion
added 2023/11/02 3:15 p.m.18 views

Server side request forgery (ssrf)

FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the /api/updateProducts.json endpoint to make the server send a request to an...

4.6CVSS7.4AI score0.00452EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder