Lucene search

7 matches found

OSV
added 2026/01/19 7:57 p.m. · 2 views

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVSS 8.3 · AI score 5.7 · EPSS 0.00053
Exploits: 1 · References: 6
RedhatCVE
added 2025/12/17 8:7 a.m. · 2 views

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVSS 4.3 · AI score 6.8 · EPSS 0.02585
Exploits: 0 · References: 1
EUVD
added 2025/12/10 6:30 p.m. · 2 views

EUVD-2025-202451

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability...

CVSS 4.3 · AI score 6.5 · EPSS 0.02585
Exploits: 0 · References: 3
Vulnrichment
added 2025/12/10 4:50 p.m. · 2 views

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

AI score 6.4 · EPSS 0.02585
Exploits: 0 · References: 1
CNNVD
added 2025/12/10 12:0 a.m. · 2 views

Jenkins Redpen - Pipeline Reporter for Jira Plugin Security Vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin is an open source plugin for Jenkins. A security vulnerability exists in Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and prior versions, which stems from failure to properly validate workspace directory paths, which cou...

CVSS 4.3 · AI score 6.5 · EPSS 0.02585
Exploits: 0 · References: 2
OSV
added 2024/05/03 3:15 a.m. · 1 views

CVE-2023-39459

Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in...

CVSS 7.8 · AI score 5.9
Exploits: 0 · References: 2
Positive Technologies
added 2023/08/04 12:0 a.m. · 0 views

PT-2023-4408 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway, affected versions not specified. Description: This issue allows remote attackers to create arbitrary files on affected installations. User interaction is required, where the target must visit a malicious...

CVSS 7.8 · AI score 6.6 · EPSS 0.00341
Exploits: 0 · References: 7