Lucene search

B3log Siyuan

7 matches found

added 2025/01/03 5:15 p.m., 93 views

CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulti...

CVSS 9.1 | AI score 6.5 | EPSS 0.00177

added 2024/12/12 2:15 a.m., 79 views

CVE-2024-55660

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. ...

CVSS 9.8 | AI score 7.2 | EPSS 0.00216

added 2024/11/29 8:15 p.m., 69 views

CVE-2024-53507

A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems.

CVSS 9.8 | AI score 8 | EPSS 0.00068

added 2024/11/29 8:15 p.m., 64 views

CVE-2024-53506

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs.

CVSS 9.8 | AI score 8 | EPSS 0.00214

added 2024/11/29 8:15 p.m., 60 views

CVE-2024-53504

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory.

CVSS 9.8 | AI score 8 | EPSS 0.00053

added 2024/11/29 8:15 p.m., 53 views

CVE-2024-53505

A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent.

CVSS 9.8 | AI score 8 | EPSS 0.00104

added 2024/04/04 2:15 a.m., 46 views

CVE-2024-2692

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.

CVSS 9 | AI score 9.3 | EPSS 0.00167