Threats Tagged 'cve-2026-32815'
View all threats tagged with 'cve-2026-32815'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-32815'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-32815: CWE-287: Improper Authentication in siyuan-note siyuanCVE-2026-32815 0 CVE-2026-32815 is an improper authentication vulnerability in SiYuan Note versions 3.6.0 and below. The WebSocket endpoint (/ws) allows unauthenticated connections when specific URL parameters are used, enabling external clients, including malicious websites, to connect and receive real-time server push events. This leaks sensitive metadata such as document titles, notebook names, file paths, and CRUD operations performed by authenticated users. The lack of Origin header validation allows cross-origin WebSocket connections, enabling silent monitoring of a victim's local SiYuan instance. The vulnerability has been fixed in version 3.6.1. The CVSS 4. Join the discussion | CVE Database V5 | 03/19/2026, 21:39:31 UTC Added: 03/19/2026, 21:54:23 UTC |
Showing 1 to 1 of 1 result