CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9	CVE-2026-55570	SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375’s patch)_CVE-2026-55570 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, desc...	siyuan-note	siyuan < 3.7.0	Jun 24, 2026	CVE
CRITICAL 9.9	CVE-2026-55454	Appsmith: Caddy admin API exposed without authentication_CVE-2026-55454 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has...	appsmithorg	appsmith < 2.1	Jun 24, 2026	CVE
CRITICAL 9.9	CVE-2026-54158	SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()_CVE-2026-54158 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpola...	siyuan-note	siyuan < 3.7.0	Jun 24, 2026	CVE
CRITICAL 9.2	CVE-2026-54069	SiYuan: Unauthenticated Admin API Access via Blanket chrome-extension:// Origin Allowlist_CVE-2026-54069 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-e...	siyuan-note	siyuan < 3.7.0	Jun 24, 2026	CVE
CRITICAL 9.9	CVE-2026-54067	SiYuan: Stored XSS to RCE via CSS-snippet