CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2021-29460

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby...