3 matches found
CVE-2026-59833
SiYuan (open-source PIM) prior to 3.7.1 uses Lute with sanitization, but the per-attribute URL-scheme sanitizer fails to check form action and SVG xlink:href attributes. This allows stored XSS in document export-preview and Bazaar package README rendering paths, with potential to execute OS comma...
WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability
Open Redirection Vulnerability discovered by Le Ngoc Anh in WordPress Plugin Scheduled & Automatic Order Status Controller for WooCommerce versions = 3.7.1...
SUSE CVE-2018-12035
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yrexecutecode in libyara/exec.c...