6.2
CVE-2026-34537 - iccDEV: UB in CIccOpDefEnvVar::Exec()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exec() due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan…
6.2
CVE-2026-34536 - iccDEV: SO in SIccCalcOp::ArgsUsed()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow (SO) in SIccCalcOp::ArgsUsed(). The issue is observable under AddressSanitizer as a stack-overflow when iccApplyProfiles processe…
6.2
CVE-2026-34535 - iccDEV: SEGV in CIccTagArray::Cleanup()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup(). The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer …
6.2
CVE-2026-34534 - iccDEV: HBO in CIccMpeSpectralMatrix::Describe()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectralMatrix::Describe(). The issue is observable under AddressSanitizer as an out-of-bounds heap read wh…
6.2
CVE-2026-34533 - iccDEV: UB in CIccCalculatorFunc::ApplySequence()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccCalculatorFunc::ApplySequence() due to invalid enum values being loaded for icChannelFuncSignature. The issue is ob…
8.6
CVE-2026-34605 - SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthentica…
SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as <x:script xmlns:x=…
8.6
CVE-2026-34585 - SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, packa…
9.7
CVE-2026-34449 - SiYuan: Cross-Origin RCE via Permissive CORS Policy and JavaScript Snippet Injection
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-Control-Allow-Private-Network: true) to inject a Java…
9.1
CVE-2026-34448 - SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execut…
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From -> Asset Field” enabled. The vulnerable code accepts arbitrary …
7.5
CVE-2026-34453 - SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors …
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccess…