CVE-2026-54070 | SiYuan up to 3.6.x Setting kernel/bazaar/readme.go cross site scripting (GHSA-w7cg-whh7-xp28)

Inserito da Angelo Barbosa | Giu 25, 2026 | CVE

A vulnerability labeled as problematic has been found in SiYuan up to 3.6.x. Affected is an unknown function of the file kernel/bazaar/readme.go of the component Setting Handler. The manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2026-54070. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.

CVE-2026-54070 | SiYuan up to 3.6.x Setting kernel/bazaar/readme.go cross site scripting (GHSA-w7cg-whh7-xp28)

Post correlati

CVE-2024-7291 | JetFormBuilder Plugin up to 3.3.4.1 on WordPress Privilege Escalation

CVE-2022-41678 | Apache ActiveMQ up to 5.16.5/5.17.3 deserialization

CVE-2024-36843 | libmodbus 3.1.6 modbus_mapping_free heap-based overflow

CVE-2025-53512 | Canonical Juju up to 2.9.51/3.6.7 /log information disclosure (GHSA-r64v-82fh-xc63)