Lucene search
K

51 matches found

Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-57011

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An authenticated administrator or API-token user can exfiltrate sensitive files from the host system. The 'POST /api/file/globalCopyFiles' endpoint accepts absolute source paths and uses the...

4.9CVSS6.1AI score0.00278EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS0.00146EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Veracode
Veracode
added 2026/05/16 5:32 a.m.7 views

Path Traversal

Alist is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename components in multiple file operation handlers, which allows an authenticated attacker to inject path traversal sequences to bypass directory-level authorization and perform unauthorized file...

8.8CVSS5.8AI score0.00721EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

CMS Made Simple(CMSMS) 路径遍历漏洞

CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management, wizard-based installation and update mechanisms, and intelligent caching features. Version 2.2.22 and earlier of CMS Made Simple contained a path...

5.8CVSS5.8AI score0.00317EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29288

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

5.8CVSS5.5AI score0.00317EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 10:30 p.m.18 views

CVE-2026-33194

SiYuan CVE-2026-33194 affects versions prior to 3.6.2. The vulnerability stems from an incomplete denylist in the IsSensitivePath() function (kernel/util/path.go) which was expanded but still does not block several Linux directories such as /opt, /usr, /home, /mnt, and /media. The affected endpoi...

6.8CVSS5.8AI score0.00489EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/19 9:17 p.m.6 views

CVE-2026-32747

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...

6.8CVSS0.00411EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/18 8:10 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the IsSensitivePathp string bool path check in kernel/util/path.go. An attacker can copy and then read files outside the workspace, including data under /opt, /usr, and others, by abusing the globalCopyFiles...

6.9CVSS6.9AI score0.00489EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/18 8:10 p.m.10 views

SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...

6.8CVSS5.9AI score0.00489EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/03/16 6:46 p.m.6 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the globalCopyFiles file-copy process and IsSensitivePath path filter in the kernel file handling components. An attacker can exfiltrate readable sensitive files, including environment...

8.2CVSS5.8AI score0.00411EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 6:46 p.m.9 views

SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets

Summary POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...

6.8CVSS5.9AI score0.00411EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/16 6:46 p.m.5 views

GHSA-H5VH-M7FG-W5H6 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets

Summary POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...

6.8CVSS5.9AI score0.00411EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.5 views

SUSE CVE-2026-25059

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

8.8CVSS5.5AI score0.00598EPSS
Exploits1References3
OSV
OSV
added 2026/02/04 6:52 p.m.5 views

GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers

Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...

8.8CVSS5.6AI score0.00721EPSS
Exploits1References6
Snyk
Snyk
added 2026/01/21 1:1 a.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the globalCopyFiles function. An attacker can access sensitive files outside the intended directory by supplying arbitrary file paths to the API endpoint. Remediation Upgrade github.com/siyuan-note/siyuan/kernel/a...

8.3CVSS5.7AI score0.00436EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/21 1:1 a.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the globalCopyFiles function. An attacker can access sensitive files outside the intended directory by supplying arbitrary file paths to the API endpoint. Remediation Upgrade...

8.3CVSS5.7AI score0.00436EPSS
Exploits1References2
OSV
OSV
added 2026/01/21 1:1 a.m.8 views

GHSA-94C7-G2FJ-7682 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

Summary The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation Details The...

8.3CVSS6AI score0.00436EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/19 7:57 p.m.19 views

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

8.3CVSS0.00436EPSS
Exploits1References4
Rows per page
Query Builder