Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-54070

SiYuan: Stored XSS in Bazaar marketplace via package README event handlers

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, renderPackageREADME in kernel/bazaar/readme.go renders a Bazaar pack...

siyuan-note siyuan < 3.7.0 CVE
CRITICAL 9.2 CVE-2026-54069

SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-e...

siyuan-note siyuan < 3.7.0 CVE
MEDIUM 5.9 CVE-2026-54068

SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from au...

siyuan-note siyuan < 3.7.0 CVE
CRITICAL 9.9 CVE-2026-54067

SiYuan: Stored XSS to RCE via CSS-snippet