<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 12 Jul 2026 14:16:56 +0000</lastBuildDate>
    <item>
      <title>189dc4aa-7990-45c9-a087-7d60e8735c27</title>
      <link>https://vulnerability.circl.lu/sighting/189dc4aa-7990-45c9-a087-7d60e8735c27/export</link>
      <description>{"uuid": "189dc4aa-7990-45c9-a087-7d60e8735c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://gist.github.com/alon710/215bfec609456ef9029abde8936c9791", "content": "# CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50551\n\n## Summary\nA critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.\n\n## TL;DR\nStored XSS in SiYuan's database asset renderer allows unauthenticated remote code execution via synchronizing a maliciously crafted database in Electron clients.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.9 (Critical)\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- SiYuan (Desktop App &amp;amp; Self-hosted Server)\n- **siyuan**: &amp;lt; 3.7.0 (Fixed in: `3.7.0`)\n\n## Mitigation\n\n- Upgrade the SiYuan application to version 3.7.0 or later immediately.\n- Isolate self-hosted servers behind access control lists to prevent untrusted database synchronization.\n- Enforce context isolation policies in desktop environments to contain potential renderer compromises.\n\n**Remediation Steps:**\n1. Identify all deployed desktop clients and self-hosted instances of SiYuan.\n2. Download and install version 3.7.0 or higher from the official repository or application store.\n3. Verify the application version via the settings interface to ensure the patch is applied.\n\n## References\n\n- [GitHub Security Advisory GHSA-56mp-4f3v-fgj2](https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50551)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50551)\n- [Fix Merge Commit](https://github.com/siyuan-note/siyuan/commit/27e0051e0d067892e833df1063cb2fb469600e98)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50551) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T00:01:00.222280Z"}</description>
      <content:encoded>{"uuid": "189dc4aa-7990-45c9-a087-7d60e8735c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://gist.github.com/alon710/215bfec609456ef9029abde8936c9791", "content": "# CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50551\n\n## Summary\nA critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.\n\n## TL;DR\nStored XSS in SiYuan's database asset renderer allows unauthenticated remote code execution via synchronizing a maliciously crafted database in Electron clients.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.9 (Critical)\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- SiYuan (Desktop App &amp;amp; Self-hosted Server)\n- **siyuan**: &amp;lt; 3.7.0 (Fixed in: `3.7.0`)\n\n## Mitigation\n\n- Upgrade the SiYuan application to version 3.7.0 or later immediately.\n- Isolate self-hosted servers behind access control lists to prevent untrusted database synchronization.\n- Enforce context isolation policies in desktop environments to contain potential renderer compromises.\n\n**Remediation Steps:**\n1. Identify all deployed desktop clients and self-hosted instances of SiYuan.\n2. Download and install version 3.7.0 or higher from the official repository or application store.\n3. Verify the application version via the settings interface to ensure the patch is applied.\n\n## References\n\n- [GitHub Security Advisory GHSA-56mp-4f3v-fgj2](https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50551)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50551)\n- [Fix Merge Commit](https://github.com/siyuan-note/siyuan/commit/27e0051e0d067892e833df1063cb2fb469600e98)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50551) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-11T00:01:00.222280Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/189dc4aa-7990-45c9-a087-7d60e8735c27/export</guid>
      <pubDate>Sat, 11 Jul 2026 00:01:00 +0000</pubDate>
    </item>
    <item>
      <title>a0ab5b28-ed8c-4a4a-a19a-af2370f02c77</title>
      <link>https://vulnerability.circl.lu/sighting/a0ab5b28-ed8c-4a4a-a19a-af2370f02c77/export</link>
      <description>{"uuid": "a0ab5b28-ed8c-4a4a-a19a-af2370f02c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://gist.github.com/alon710/215bfec609456ef9029abde8936c9791", "content": "# CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50551\n\n## Summary\nA critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.\n\n## TL;DR\nStored XSS in SiYuan's database asset renderer allows unauthenticated remote code execution via synchronizing a maliciously crafted database in Electron clients.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.9 (Critical)\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- SiYuan (Desktop App &amp;amp; Self-hosted Server)\n- **siyuan**: &amp;lt; 3.7.0 (Fixed in: `3.7.0`)\n\n## Mitigation\n\n- Upgrade the SiYuan application to version 3.7.0 or later immediately.\n- Isolate self-hosted servers behind access control lists to prevent untrusted database synchronization.\n- Enforce context isolation policies in desktop environments to contain potential renderer compromises.\n\n**Remediation Steps:**\n1. Identify all deployed desktop clients and self-hosted instances of SiYuan.\n2. Download and install version 3.7.0 or higher from the official repository or application store.\n3. Verify the application version via the settings interface to ensure the patch is applied.\n\n## References\n\n- [GitHub Security Advisory GHSA-56mp-4f3v-fgj2](https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50551)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50551)\n- [Fix Merge Commit](https://github.com/siyuan-note/siyuan/commit/27e0051e0d067892e833df1063cb2fb469600e98)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50551) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T23:42:38.231666Z"}</description>
      <content:encoded>{"uuid": "a0ab5b28-ed8c-4a4a-a19a-af2370f02c77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://gist.github.com/alon710/215bfec609456ef9029abde8936c9791", "content": "# CVE-2026-50551: CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan\n\n&amp;gt; **CVSS Score:** 9.9\n&amp;gt; **Published:** 2026-07-10\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50551\n\n## Summary\nA critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.\n\n## TL;DR\nStored XSS in SiYuan's database asset renderer allows unauthenticated remote code execution via synchronizing a maliciously crafted database in Electron clients.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network (AV:N)\n- **CVSS Score**: 9.9 (Critical)\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- SiYuan (Desktop App &amp;amp; Self-hosted Server)\n- **siyuan**: &amp;lt; 3.7.0 (Fixed in: `3.7.0`)\n\n## Mitigation\n\n- Upgrade the SiYuan application to version 3.7.0 or later immediately.\n- Isolate self-hosted servers behind access control lists to prevent untrusted database synchronization.\n- Enforce context isolation policies in desktop environments to contain potential renderer compromises.\n\n**Remediation Steps:**\n1. Identify all deployed desktop clients and self-hosted instances of SiYuan.\n2. Download and install version 3.7.0 or higher from the official repository or application store.\n3. Verify the application version via the settings interface to ensure the patch is applied.\n\n## References\n\n- [GitHub Security Advisory GHSA-56mp-4f3v-fgj2](https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-50551)\n- [CVE Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50551)\n- [Fix Merge Commit](https://github.com/siyuan-note/siyuan/commit/27e0051e0d067892e833df1063cb2fb469600e98)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50551) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-10T23:42:38.231666Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a0ab5b28-ed8c-4a4a-a19a-af2370f02c77/export</guid>
      <pubDate>Fri, 10 Jul 2026 23:42:38 +0000</pubDate>
    </item>
    <item>
      <title>ab0cead5-4b89-4467-9799-0c7ca7f7c339</title>
      <link>https://vulnerability.circl.lu/sighting/ab0cead5-4b89-4467-9799-0c7ca7f7c339/export</link>
      <description>{"uuid": "ab0cead5-4b89-4467-9799-0c7ca7f7c339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50551", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2", "content": "", "creation_timestamp": "2026-07-10T22:35:05.690864Z"}</description>
      <content:encoded>{"uuid": "ab0cead5-4b89-4467-9799-0c7ca7f7c339", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50551", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-56mp-4f3v-fgj2", "content": "", "creation_timestamp": "2026-07-10T22:35:05.690864Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/ab0cead5-4b89-4467-9799-0c7ca7f7c339/export</guid>
      <pubDate>Fri, 10 Jul 2026 22:35:05 +0000</pubDate>
    </item>
    <item>
      <title>3948f849-93cf-4dbc-b833-a1e8a5ced76d</title>
      <link>https://vulnerability.circl.lu/sighting/3948f849-93cf-4dbc-b833-a1e8a5ced76d/export</link>
      <description>{"uuid": "3948f849-93cf-4dbc-b833-a1e8a5ced76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqd2wbs2yf22", "content": "CVE-2026-50551 - siyuan-note\nSiYuan, a personal knowledge management system, contains a security flaw that can allow an attacker to execute malicious code on users' computers. This vulnerability affects\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#siyuannote #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T21:14:06.260232Z"}</description>
      <content:encoded>{"uuid": "3948f849-93cf-4dbc-b833-a1e8a5ced76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50551", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqd2wbs2yf22", "content": "CVE-2026-50551 - siyuan-note\nSiYuan, a personal knowledge management system, contains a security flaw that can allow an attacker to execute malicious code on users' computers. This vulnerability affects\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#siyuannote #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T21:14:06.260232Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/3948f849-93cf-4dbc-b833-a1e8a5ced76d/export</guid>
      <pubDate>Fri, 10 Jul 2026 21:14:06 +0000</pubDate>
    </item>
    <item>
      <title>8ca24204-3de0-46a7-af21-4d51f948bdb6</title>
      <link>https://vulnerability.circl.lu/sighting/8ca24204-3de0-46a7-af21-4d51f948bdb6/export</link>
      <description>{"uuid": "8ca24204-3de0-46a7-af21-4d51f948bdb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50554", "type": "published-proof-of-concept", "source": "https://github.com/enchant97/note-mark/security/advisories/GHSA-588f-fvcv-xhvf", "content": "", "creation_timestamp": "2026-07-09T14:35:10.180343Z"}</description>
      <content:encoded>{"uuid": "8ca24204-3de0-46a7-af21-4d51f948bdb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50554", "type": "published-proof-of-concept", "source": "https://github.com/enchant97/note-mark/security/advisories/GHSA-588f-fvcv-xhvf", "content": "", "creation_timestamp": "2026-07-09T14:35:10.180343Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8ca24204-3de0-46a7-af21-4d51f948bdb6/export</guid>
      <pubDate>Thu, 09 Jul 2026 14:35:10 +0000</pubDate>
    </item>
    <item>
      <title>142f7a2d-3d32-4524-8aac-f703f42bcf1c</title>
      <link>https://vulnerability.circl.lu/sighting/142f7a2d-3d32-4524-8aac-f703f42bcf1c/export</link>
      <description>{"uuid": "142f7a2d-3d32-4524-8aac-f703f42bcf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50553", "type": "published-proof-of-concept", "source": "https://github.com/enchant97/note-mark/security/advisories/GHSA-rqrh-8wpv-x7hh", "content": "", "creation_timestamp": "2026-07-09T14:35:07.947259Z"}</description>
      <content:encoded>{"uuid": "142f7a2d-3d32-4524-8aac-f703f42bcf1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50553", "type": "published-proof-of-concept", "source": "https://github.com/enchant97/note-mark/security/advisories/GHSA-rqrh-8wpv-x7hh", "content": "", "creation_timestamp": "2026-07-09T14:35:07.947259Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/142f7a2d-3d32-4524-8aac-f703f42bcf1c/export</guid>
      <pubDate>Thu, 09 Jul 2026 14:35:07 +0000</pubDate>
    </item>
    <item>
      <title>2b4329ac-15df-44ee-a127-60faf2bd4c3e</title>
      <link>https://vulnerability.circl.lu/sighting/2b4329ac-15df-44ee-a127-60faf2bd4c3e/export</link>
      <description>{"uuid": "2b4329ac-15df-44ee-a127-60faf2bd4c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50553", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq7sctc67r25", "content": "CVE-2026-50553 - enchant97\nNote Mark's export feature can write files outside the intended directory due to unsanitized book and note slugs. This can happen because the software does not properly check the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#enchant97 #Golang #CVE #infosec", "creation_timestamp": "2026-07-09T14:02:22.529089Z"}</description>
      <content:encoded>{"uuid": "2b4329ac-15df-44ee-a127-60faf2bd4c3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50553", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq7sctc67r25", "content": "CVE-2026-50553 - enchant97\nNote Mark's export feature can write files outside the intended directory due to unsanitized book and note slugs. This can happen because the software does not properly check the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#enchant97 #Golang #CVE #infosec", "creation_timestamp": "2026-07-09T14:02:22.529089Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/2b4329ac-15df-44ee-a127-60faf2bd4c3e/export</guid>
      <pubDate>Thu, 09 Jul 2026 14:02:22 +0000</pubDate>
    </item>
    <item>
      <title>c37039de-e6c1-4dcc-8f62-f9376a12b126</title>
      <link>https://vulnerability.circl.lu/sighting/c37039de-e6c1-4dcc-8f62-f9376a12b126/export</link>
      <description>{"uuid": "c37039de-e6c1-4dcc-8f62-f9376a12b126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50559", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mps7ejvrvj2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-50559 \u0432 Quarkus: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/72E99481-D133-4F03-91BA-85DF881C986C", "creation_timestamp": "2026-07-04T04:18:24.281232Z"}</description>
      <content:encoded>{"uuid": "c37039de-e6c1-4dcc-8f62-f9376a12b126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50559", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mps7ejvrvj2k", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-50559 \u0432 Quarkus: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/72E99481-D133-4F03-91BA-85DF881C986C", "creation_timestamp": "2026-07-04T04:18:24.281232Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c37039de-e6c1-4dcc-8f62-f9376a12b126/export</guid>
      <pubDate>Sat, 04 Jul 2026 04:18:24 +0000</pubDate>
    </item>
    <item>
      <title>babe0fb6-b5f3-4be4-bb1a-d4257a58b70f</title>
      <link>https://vulnerability.circl.lu/sighting/babe0fb6-b5f3-4be4-bb1a-d4257a58b70f/export</link>
      <description>{"uuid": "babe0fb6-b5f3-4be4-bb1a-d4257a58b70f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50556", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mps6rfuwao2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-50556 \u0432 Angular: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E76439F7-9055-4F59-80F3-F190FA8D35A2", "creation_timestamp": "2026-07-04T04:07:42.939173Z"}</description>
      <content:encoded>{"uuid": "babe0fb6-b5f3-4be4-bb1a-d4257a58b70f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50556", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mps6rfuwao2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-50556 \u0432 Angular: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/E76439F7-9055-4F59-80F3-F190FA8D35A2", "creation_timestamp": "2026-07-04T04:07:42.939173Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/babe0fb6-b5f3-4be4-bb1a-d4257a58b70f/export</guid>
      <pubDate>Sat, 04 Jul 2026 04:07:42 +0000</pubDate>
    </item>
    <item>
      <title>c1c2db4a-442c-4c60-9435-edf7860c4eb5</title>
      <link>https://vulnerability.circl.lu/sighting/c1c2db4a-442c-4c60-9435-edf7860c4eb5/export</link>
      <description>{"uuid": "c1c2db4a-442c-4c60-9435-edf7860c4eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50551", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116808510648585515", "content": "CVE-2026-50551: SiYuan (&amp;lt;3.7.0) suffers CRITICAL stored XSS in Attribute View, enabling RCE via Electron client. Upgrade to v3.7.0+ to mitigate. No workaround available. Details: https://radar.offseq.com/threat/cve-2026-50551-cwe-79-improper-neutralization-of-i-e91ef5b4d83fcdb8 #OffSeq #XSS #SiYuan #Cybersecurity", "creation_timestamp": "2026-06-25T03:00:28.769501Z"}</description>
      <content:encoded>{"uuid": "c1c2db4a-442c-4c60-9435-edf7860c4eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50551", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116808510648585515", "content": "CVE-2026-50551: SiYuan (&amp;lt;3.7.0) suffers CRITICAL stored XSS in Attribute View, enabling RCE via Electron client. Upgrade to v3.7.0+ to mitigate. No workaround available. Details: https://radar.offseq.com/threat/cve-2026-50551-cwe-79-improper-neutralization-of-i-e91ef5b4d83fcdb8 #OffSeq #XSS #SiYuan #Cybersecurity", "creation_timestamp": "2026-06-25T03:00:28.769501Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c1c2db4a-442c-4c60-9435-edf7860c4eb5/export</guid>
      <pubDate>Thu, 25 Jun 2026 03:00:28 +0000</pubDate>
    </item>
  </channel>
</rss>
