Vulnerabilities in siyuan-note
67 resultsCVE-2026-32815MEDIUMSiYuan: Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information DisclosureEPSS 0.4%CVE-2026-34585HIGHSiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command executionEPSS 0.3%CVE-2026-55570CRITICALSiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)EPSS 0.3%CVE-2026-29073MEDIUMSiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database accessEPSS 0.3%CVE-2026-41894HIGHSiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` EndpointEPSS 0.3%CVE-2026-30926HIGHSiYuan Note publish service authorization bypass allows low-privilege users to modify notebook contentEPSS 0.3%CVE-2026-54067CRITICALSiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()EPSS 0.3%CVE-2026-44586HIGHSiYuan: Bazaar marketplace renders unescaped package author metadata, allowing XSS and Electron code executionEPSS 0.3%CVE-2026-40107HIGHSiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram RenderingEPSS 0.3%CVE-2026-40322CRITICALSiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCEEPSS 0.3%CVE-2026-32940CRITICALSiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)EPSS 0.3%CVE-2026-54158CRITICALSiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()EPSS 0.3%CVE-2026-40318HIGHSiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`EPSS 0.3%CVE-2026-32110HIGHSiYuan has a Full-Read SSRF via /api/network/forwardProxyEPSS 0.3%CVE-2026-23847LOWSiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIconEPSS 0.3%CVE-2026-54759HIGHSiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron clientEPSS 0.3%CVE-2026-40922MEDIUMSiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)EPSS 0.3%CVE-2026-23645MEDIUMSiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File UploadEPSS 0.3%CVE-2026-32704MEDIUMSiYuan renderSprig: missing admin check allows any user to read full workspace DBEPSS 0.2%CVE-2026-54068MEDIUMSiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIconEPSS 0.2%