5.9

CVSS3.1

CVE-2026-40265 - Note Mark has Broken Access Control on Asset Download

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who kno…

📅 Published: April 16, 2026, 11:56 p.m. 🔄 Last Modified: April 16, 2026, 11:56 p.m.

3.7

CVSS3.1

CVE-2026-40263 - Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerate …

📅 Published: April 16, 2026, 11:53 p.m. 🔄 Last Modified: April 16, 2026, 11:53 p.m.

8.7

CVSS3.1

CVE-2026-40262 - Note Mark has Stored XSS via Unrestricted Asset Upload

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an empt…

📅 Published: April 16, 2026, 11:51 p.m. 🔄 Last Modified: April 16, 2026, 11:51 p.m.

8.6

CVSS3.1

CVE-2026-22734 - Cloud Foundry UAA SAML 2.0 Signature Bypass

Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed nor …

📅 Published: April 16, 2026, 11:33 p.m. 🔄 Last Modified: April 16, 2026, 11:33 p.m.

6.9

CVSS4.0

CVE-2026-40260 - pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has b…

📅 Published: April 16, 2026, 11:18 p.m. 🔄 Last Modified: April 16, 2026, 11:18 p.m.

5.3

CVSS4.0

CVE-2026-40922 - SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fi…

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not eff…

📅 Published: April 16, 2026, 11:14 p.m. 🔄 Last Modified: April 16, 2026, 11:14 p.m.

9.1

CVSS3.1

CVE-2026-40322 - SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the DOM via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid code blocks to survi…

📅 Published: April 16, 2026, 11 p.m. 🔄 Last Modified: April 16, 2026, 11 p.m.

8.5

CVSS3.1

CVE-2026-40318 - SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal seque…

📅 Published: April 16, 2026, 10:54 p.m. 🔄 Last Modified: April 16, 2026, 10:54 p.m.

8.1

CVSS3.1

CVE-2026-40259 - SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functi…

📅 Published: April 16, 2026, 10:49 p.m. 🔄 Last Modified: April 16, 2026, 10:50 p.m.

4.3

CVSS3.1

CVE-2024-58343 -

Vision Helpdesk before 5.7.0 (patched in 5.6.10) allows attackers to read user profiles via modified serialized cookie data to vis_client_id.

📅 Published: April 16, 2026, 10:27 p.m. 🔄 Last Modified: April 16, 2026, 10:36 p.m.