{"vulnerability": "CVE-2026-54067", "sightings": [{"uuid": "f6cedd9a-41e2-4edd-a868-99f7c4fc130f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54067", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3bm7kwmr25", "content": "CVE-2026-54067 - SiYuan: Stored XSS to RCE via CSS-snippet breakout in renderSnippet()\nCVE ID : CVE-2026-54067\n \n Published : June 24, 2026, 9:14 p.m. | 3\u00a0hours, 56\u00a0minutes ago\n \n Description : SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS ...", "creation_timestamp": "2026-06-25T01:27:15.025006Z"}, {"uuid": "3084936b-f780-43fb-91b5-7a5d3502c64e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54067", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqcwdlr5ns2t", "content": "CVE-2026-54067 - siyuan-note\nAn attacker with access to your SiYuan workspace can inject malicious code that runs on all devices syncing the workspace. This happens even if you've disabled running\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#siyuannote #Golang #CVE #infosec", "creation_timestamp": "2026-07-10T19:52:04.997285Z"}, {"uuid": "08ffa1a1-727c-46eb-86ac-22eb3f5dcf53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-54067", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-mvjr-vv3c-w4qv", "content": "", "creation_timestamp": "2026-07-10T20:35:21.535640Z"}]}