b3log

Top products

The 15 most recently published vulnerabilities affecting b3log.

• CVE-2026-40922SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066)5.4Apr 16, 2026
• CVE-2026-40322SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE9.0Apr 16, 2026
• CVE-2026-40318SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`8.5Apr 16, 2026
• CVE-2026-40259SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API8.1Apr 16, 2026
• CVE-2026-40107SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering6.5Apr 9, 2026
• CVE-2026-39846SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions9.0Apr 7, 2026
• CVE-2026-34605SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated )6.1Mar 31, 2026
• CVE-2026-34585SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution8.6Mar 31, 2026
• CVE-2026-34449SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection9.6Mar 31, 2026
• CVE-2026-34448SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client9.0Mar 31, 2026
• CVE-2026-34453SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content7.5Mar 31, 2026
• CVE-2026-33670SiYuan has directory traversal within its publishing service9.8Mar 26, 2026
• CVE-2026-33669SiYuan has Arbitrary Document Reading within the Publishing Service9.8Mar 26, 2026
• CVE-2026-33476SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal7.5Mar 20, 2026
• CVE-2026-33203SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass7.5Mar 20, 2026