CVE-2026-40922
published 2026-04-17CVE-2026-40922: SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix…
PriorityP429medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.26%
17.3th percentile
SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering (incomplete fix for CVE-2026-33066) enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not effectively filter srcdoc attributes which contain raw HTML rather than URLs. A malicious bazaar package author can include an iframe with a srcdoc attribute containing embedded scripts in their README. When other users view the package in SiYuan's marketplace UI, the payload executes in the Electron context with full application privileges, enabling arbitrary code execution on the user's machine. This issue has been fixed in version 3.6.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| b3log | siyuan | >= 3.6.1 < 3.6.4 | 3.6.4 |
| linux | linux_kernel | >= 6.7.0 < 6.18.6 | 6.18.6 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
idpf: fix error handling in the init_task on load
osv·2026-01-31·CVSS 5.5
CVE-2026-23017 idpf: fix error handling in the init_task on load
idpf: fix error handling in the init_task on load
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix error handling in the init_task on load
If the init_task fails during a driver load, we end up without vports and
netdevs, effectively failing the entire process. In that state a
subsequent reset will result in a crash as the service task attempts to
access uninitialized resources. Following trace is from an error in the
init_task where the CREATE_VPORT (op 501) is rejected by the FW:
[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated
[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)
[40958.148190] idpf 0000:83:00.0: HW reset detected
[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8
...
[40958.168094] Workqueu
Red Hat
kernel: idpf: fix error handling in the init_task on load
vendor_redhat·2026-01-31·CVSS 5.5
CVE-2026-23017 [MEDIUM] CWE-476 kernel: idpf: fix error handling in the init_task on load
kernel: idpf: fix error handling in the init_task on load
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix error handling in the init_task on load
If the init_task fails during a driver load, we end up without vports and
netdevs, effectively failing the entire process. In that state a
subsequent reset will result in a crash as the service task attempts to
access uninitialized resources. Following trace is from an error in the
init_task where the CREATE_VPORT (op 501) is rejected by the FW:
[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated
[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)
[40958.148190] idpf 0000:83:00.0: HW reset detected
[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8
...
[40958.168094] Wor
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/advisories/GHSA-4663-4mpg-879vhttps://github.com/siyuan-note/siyuan/commit/b382f50e1880ed996364509de5a10a72d7409428https://github.com/siyuan-note/siyuan/releases/tag/v3.6.4https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jghttps://github.com/siyuan-note/siyuan/security/advisories/GHSA-8q5w-mmxf-48jg
2026-04-17
Published