CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

SUSE CVE•added 2026/03/28 12:25 a.m.•4 views

SUSE CVE-2026-33194

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocke...

6.8CVSS5.9AI score0.00489EPSS

Exploits1References3

RedhatCVE•added 2026/03/26 3:9 p.m.•5 views

CVE-2026-33194

6.8CVSS5.8AI score0.00489EPSS

Exploits1References1

OSV•added 2026/03/23 6:14 p.m.•4 views

GO-2026-4766 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass) in github.com/siyuan-note/siyuan/kernel

SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home GHSA-h5vh-m7fg-w5h6 Bypass in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...

6.8CVSS5.8AI score0.00489EPSS

Exploits1References1

NVD•added 2026/03/20 11:16 p.m.•4 views

CVE-2026-33194

6.8CVSS0.00489EPSS

Exploits1References1

CVE•added 2026/03/20 10:30 p.m.•14 views

CVE-2026-33194

SiYuan CVE-2026-33194 affects versions prior to 3.6.2. The vulnerability stems from an incomplete denylist in the IsSensitivePath() function (kernel/util/path.go) which was expanded but still does not block several Linux directories such as /opt, /usr, /home, /mnt, and /media. The affected endpoi...

6.8CVSS5.8AI score0.00489EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/20 10:30 p.m.•0 views

CVE-2026-33194 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home

6.8CVSS5.8AI score0.00489EPSS

Exploits1References1

Cvelist•added 2026/03/20 10:30 p.m.•21 views

CVE-2026-33194 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home

6.8CVSS0.00489EPSS

Exploits1References1

CNNVD•added 2026/03/20 12:0 a.m.•5 views

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan prior to 3.6.2 contained a path traversal vulnerability. This vulnerability stemmed from the IsSensitivePath function using an incomplete denial list method, which could allow the...

6.8CVSS6.4AI score0.00489EPSS

Exploits1References1

Snyk•added 2026/03/18 8:10 p.m.•2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the IsSensitivePathp string bool path check in kernel/util/path.go. An attacker can copy and then read files outside the workspace, including data under /opt, /usr, and others, by abusing the globalCopyFiles...

6.9CVSS6.9AI score0.00489EPSS

Exploits1References2

OSV•added 2026/03/18 8:10 p.m.•4 views

GHSA-VM69-H85X-8P85 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...

6.8CVSS5.9AI score0.00489EPSS

Exploits1References3