11218 matches found
CVE-2026-33476 SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...
CVE-2026-33476 SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...
CVE-2026-33476 SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...
CVE-2026-33476
SiYuan kernel has an unauthenticated file-serving endpoint at /appearance/*filepath prior to version 3.6.2. Due to improper path sanitization, an attacker can perform directory traversal and read arbitrary files accessible to the server, bypassing authentication. Multiple sources (NVD, Red Hat ad...
CVE-2026-33194 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocke...
CVE-2026-33166
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33171
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's...
CVE-2026-23536
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23536 Feast: unauthenticated arbitrary file read
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-23536
The CVE-2026-23536 issue affects Feast Feature Server, specifically the /read-document endpoint, allowing an unauthenticated remote attacker to read any file accessible to the server process. The root cause is a bypass of access restrictions via a crafted HTTP POST request, enabling potential exp...
CVE-2026-23536 Feast: unauthenticated arbitrary file read
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166
CVE-2026-33166 (Allure Report path traversal): Allure 2.x prior to 2.38.0 is vulnerable to arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive ...
CVE-2026-33166
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...
Directory Traversal
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted request...
AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter
Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...
EUVD-2026-13914
Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the /appearance/filepath file-serving handler in kernel/server/serve.go. An attacker can read arbitrary files accessible to the server process by requesting crafted ../ paths. Notes -...