Daniel

38 exploits Active since Aug 2019
CVE-2024-55659 WRITEUP MEDIUM WRITEUP
SiYuan < 3.1.16 - Unauthenticated Arbitrary File Write and Stored Cross-Site Scripting via Asset Upload Endpoint
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVSS 5.4
CVE-2024-55660 WRITEUP CRITICAL WRITEUP
SiYuan < 3.1.16 - Server-Side Template Injection via Sprig Template Engine
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.
CVSS 9.8
CVE-2025-21609 WRITEUP CRITICAL WRITEUP
SiYuan Note <3.1.18 - File Deletion
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.
CVSS 9.1
CVE-2025-32036 WRITEUP MEDIUM WRITEUP
DNN - Info Disclosure
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the CAPTCHA image produces an image of minimal complexity. As a result, the generated image can be easily read by OCR tools, and an attacker can build a bot that uses such a tool to send automated requests. This vulnerability is fixed in 9.13.8.
CVSS 4.2
CVE-2025-32371 WRITEUP MEDIUM WRITEUP
DNN - Info Disclosure
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A URL could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image, and a user who trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.
CVSS 4.3
CVE-2025-32372 WRITEUP MEDIUM WRITEUP
Dnnsoftware Dotnetnuke < 9.13.8 - SSRF
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance and bypassing firewalls. This vulnerability is fixed in 9.13.8.
CVSS 6.5
CVE-2025-48376 WRITEUP LOW WRITEUP
DNN < 9.13.9 Site Export - SuperUser External URL Import
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external URL for a site export to then be imported. Version 9.13.9 fixes the issue.
CVSS 3.5
CVE-2026-23847 WRITEUP MEDIUM WRITEUP
SiYuan < 3.5.4 - Reflected Cross-Site Scripting via Dynamic Icon SVG Content Parameter
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in `/api/icon/getDynamicIcon` due to unsanitized SVG input. The endpoint generates SVG images for text icons (`type=8`). The `content` query parameter is inserted directly into the SVG `<text>` tag without XML escaping. Since the response Content-Type is `image/svg+xml`, injecting unescaped tags allows breaking the XML structure and executing JavaScript. Version 3.5.4 patches the issue.
CVSS 6.1
CVE-2026-23851 WRITEUP MEDIUM WRITEUP
SiYuan < 3.5.4 - Authenticated Path Traversal via Global Copy Files Endpoint
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation. The vulnerability exists in the api/file.go source code. The function globalCopyFiles accepts a list of source paths (srcs) from the JSON request body. While the code checks if the source file exists using filelock.IsExist(src), it fails to validate whether the source path resides within the authorized workspace directory. Version 3.5.4 patches the issue.
CVSS 6.5
CVE-2026-23852 WRITEUP CRITICAL WRITEUP
SiYuan < 3.5.4 - Stored Cross-Site Scripting via Block Icon Attribute
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the dynamic icon feature in an unsanitized context, leading to stored XSS and, in the desktop environment, potential remote code execution (RCE). This issue bypasses the previous fix for issue `#15970` (XSS → RCE via dynamic icons). Version 3.5.4 contains an updated fix.
CVSS 9.6
CVE-2026-25539 WRITEUP CRITICAL WRITEUP
SiYuan < 3.5.5 - Authenticated Path Traversal and Remote Code Execution via File Copy Endpoint
SiYuan is a personal knowledge management system. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files. This issue has been patched in version 3.5.5.
CVSS 9.1
CVE-2026-25647 WRITEUP MEDIUM WRITEUP
SiYuan - Stored Cross-Site Scripting in Markdown Rendering Engine
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks the rendered content, the script executes in the context of their session.
CVSS 4.6
EIP-2026-115006 EXPLOITDB python WORKING POC
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)