GHSA-QVVF-Q994-X79V SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write
Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...
GHSA-472V-J2G4-G9H2 Craft CMS has a Path Traversal Vulnerability in AssetsController
The AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before Assets::prepareAssetName is applied on save. This allows an authenticated user with replaceFiles permission to delete arbitrary files within the same filesystem root by...
Directory Traversal
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the replaceFile process. An attacker can delete arbitrary files within the same filesystem root by injecting path traversal sequences into the targetFilename parameter...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID: CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName argument in the /api/file/download endpoint. An attacker can access arbitrary files on the server by supplying crafted path traversal sequences. Details A Directory Traversal attack also known as pat...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the PathUtils.RemoveParentPath function of the /api/admin/plugins/install/actions/download endpoint. An attacker can access unauthorized files or directories by manipulating the path argument. PoC POST...
PT-2026-25803
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...
PT-2026-25816
Name of the Vulnerable Software and Affected Versions ZwickRoell Test Data Management versions prior to 3.0.8 Description The software contains a local file inclusion issue in the /server/node upgrade srv.js endpoint. An attacker can provide directory traversal sequences through the firmware...
PT-2026-25824
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and below Description SiYuan, a personal knowledge management system, contains a flaw in the handling of file uploads through the '/api/import/importSY' and '/api/import/importZipMd' API endpoints. These endpoints write...
Craft CMS Path Traversal Vulnerability
Craft CMS is an open-source content management system developed by Craft Studio. Versions of Craft CMS from 4.0.0-RC1 to 4.17.5, as well as 5.0.0-RC1 to 5.9.11, contained a path traversal vulnerability. This vulnerability stemmed from the targetFilename parameter in the AssetsController-replaceFi...
PT-2026-25856
Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where an authenticated user with Create or Rename permissions can bypass administrator-configured deny rules. This is due to the order in...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2026-1338)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in...
EulerOS 2.0 SP12 : httpd (EulerOS-SA-2026-1365)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid but not mod_cgi passes the shell-escaped query string to exe...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2026-1312)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in...
EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2026-1536)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2026-1609)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid but not mod_cgi passes the shell-escaped query string to exe...
SUSE: Security Advisory (SUSE-SU-2026:0872-1)
The remote host is missing an update. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1396)
The remote host is missing an update for Huawei EulerOS. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...