MiracleLinux 8 : firefox-102.6.0-1.el8.ML.1 (AXSA:2023-4679:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4679:02 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...

MiracleLinux 9 : librsvg2-2.50.7-1.el9.1 (AXSA:2023-6396:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6396:01 advisory. librsvg: Arbitrary file read when xinclude href has special characters CVE-2023-38633 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : tomcat-7.0.76-11.el7 (AXSA:2020-4508:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4508:01 advisory. tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability CVE-2020-1938 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 8 : firefox-102.7.0-1.el8.ML.1 (AXSA:2023-4857:04)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4857:04 advisory. Mozilla: libusrsctp library out of date CVE-2022-46871 Mozilla: Arbitrary file read from GTK drag and drop on Linux CVE-2023-23598 Mozilla: Memory...

CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVE-2026-22218 Chainlit < 2.9.4 Arbitrary File Read via /project/element

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVE-2026-22218

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker’s session. The resulting element...

CVE-2026-22218

Chainlit CVE-2026-22218 affects versions prior to 2.9.4 and is an arbitrary file read in the /project/element update flow. An authenticated client can submit a user-controlled path in a custom Element, causing the server to copy that file into the attacker’s session. The attacker can then retriev...

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23850

SiYuan vulnerable to SSRF/LFD via createDocWithMd: unsanitized markdown can reach local files or internal resources. Affected versions prior to 3.5.4; fix is 3.5.4+. Public sources (OSV, GHSA, Snyk, Red Hat) describe SSRF through markdown handling in kernel/model/file.go and kernel/api/filetree.g...

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...