Lucene search
K

169 matches found

Cvelist
Cvelist
added 2026/04/01 1:40 a.m.32 views

CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 1:40 a.m.3 views

CVE-2026-3776

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29436

The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...

5.5CVSS5.9AI score0.00103EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/30 4:6 p.m.7 views

Malicious code in dremel (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27df3a2ebf6e129a3e640d55b9dd03b5f21cef1694cd6ccdae97e456f098ce2c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.6 views

SUSE CVE-2026-33476

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS6AI score0.03256EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33476

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS5.9AI score0.03256EPSS
Exploits1References1
Circl
Circl
added 2026/03/24 1:4 p.m.4 views

CVE-2019-25627

creationtimestamp| type| source ---|---|--- 2026-03-24 13:04:08+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhsn6qacuy2p...

8.6CVSS5.8AI score0.00257EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 11:16 p.m.4 views

CVE-2026-33476

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS0.03256EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:34 p.m.2 views

CVE-2026-33476

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS5.8AI score0.03256EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 10:34 p.m.4 views

CVE-2026-33476 SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS5.8AI score0.03256EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 10:34 p.m.4 views

CVE-2026-33476 SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server...

7.5CVSS6.4AI score0.03256EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 10:34 p.m.23 views

CVE-2026-33476

SiYuan kernel has an unauthenticated file-serving endpoint at /appearance/*filepath prior to version 3.6.2. Due to improper path sanitization, an attacker can perform directory traversal and read arbitrary files accessible to the server, bypassing authentication. Multiple sources (NVD, Red Hat ad...

7.5CVSS5.8AI score0.03256EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/20 8:43 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the /appearance/filepath file-serving handler in kernel/server/serve.go. An attacker can read arbitrary files accessible to the server process by requesting crafted ../ paths. Notes -...

8.7CVSS6.5AI score0.03256EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/20 8:43 p.m.13 views

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal

Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...

7.5CVSS6AI score0.03256EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 8:43 p.m.4 views

GHSA-HHGJ-GG9H-RJP7 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal

Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...

7.5CVSS6AI score0.03256EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.2 contained security vulnerabilities. These vulnerabilities were caused by improper handling of the /appearance/filepath endpoint, which could lead to directory traversal and...

7.5CVSS6.8AI score0.03256EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26689

Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint under /appearance/filepath. Due to improper path sanitization, attackers can perform directory traversal and read arbitrary files accessible to the server process. Authentication checks explicitly exclude this endpoint,...

7.5CVSS6AI score0.03256EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25651

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

7.1CVSS5.8AI score0.00268EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/10 10:28 p.m.9 views

Malicious code in gpu-discovery (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ea1fffa4a4969c85232301df3c8d107642ac143fbf51600d166cfd2f8d536e10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/02 8:29 p.m.20 views

CVE-2026-24737 jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

8.1CVSS5.5AI score0.00532EPSS
Exploits1References10
Rows per page
Query Builder