44 matches found
CMS Made Simple(CMSMS) 路径遍历漏洞
CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management, wizard-based installation and update mechanisms, and intelligent caching features. Version 2.2.22 and earlier of CMS Made Simple contained a path...
PT-2026-29288
A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...
CVE-2026-33194
SiYuan CVE-2026-33194 affects versions prior to 3.6.2. The vulnerability stems from an incomplete denylist in the IsSensitivePath() function (kernel/util/path.go) which was expanded but still does not block several Linux directories such as /opt, /usr, /home, /mnt, and /media. The affected endpoi...
CVE-2026-32747
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API eads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...
SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)
Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through the IsSensitivePathp string bool path check in kernel/util/path.go. An attacker can copy and then read files outside the workspace, including data under /opt, /usr, and others, by abusing the globalCopyFiles...
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
Summary POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...
GHSA-H5VH-M7FG-W5H6 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets
Summary POST /api/file/globalCopyFiles reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin can copy /proc/1/environ or Docker secrets into the workspace an...
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the globalCopyFiles file-copy process and IsSensitivePath path filter in the kernel file handling components. An attacker can exfiltrate readable sensitive files, including environment...
SUSE CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
GHSA-X4Q4-7PHH-42J9 Alist vulnerable to Path Traversal in multiple file operation handlers
Summary The application contains a Path Traversal vulnerability CWE-22 in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal sequences into filename components, enabling unauthorised file removal, movement and copying across...
GHSA-94C7-G2FJ-7682 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Summary The SiYuan Note application v3.5.3 contains a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper path validation Details The...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the globalCopyFiles function. An attacker can access sensitive files outside the intended directory by supplying arbitrary file paths to the API endpoint. Remediation Upgrade github.com/siyuan-note/siyuan/kernel/a...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the globalCopyFiles function. An attacker can access sensitive files outside the intended directory by supplying arbitrary file paths to the API endpoint. Remediation Upgrade...
CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...
CVE-2026-23851
SiYuan Note (v3.5.3–pre-3.5.4) contains a logic flaw in /api/file/globalCopyFiles that lets authenticated users copy files from arbitrary locations on the server filesystem into the app workspace due to missing validation of source paths against the workspace boundary. The vulnerability exists in...
PT-2026-3497
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4 Description SiYuan is a personal knowledge management system with a logic issue in the /api/file/globalCopyFiles API endpoint. The issue allows authenticated users to copy files from any location on the server’s...
EUVD-2023-33849
Malicious code in bioql PyPI...
CVE-2025-10015
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private to the application its bundled with. A local unprivileged attacker can register this XPC service globally which will inherit TCC permissions of the application. Lack of validation of connecting client...
CVE-2023-28465
The package-decompression feature in HL7 Health Level 7 FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...