2 matches found
CVE-2026-32749
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...
CVE-2026-32749
creationtimestamp| type| source ---|---|--- 2026-03-14 03:57:28+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-qvvf-q994-x79v 2026-03-19 21:23:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhgwrlsfdx2k 2026-03-19...