2 matches found
GO-2026-5229 SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView` in github.com/siyuan-note/siyuan/kernel
SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via /api/av/removeUnusedAttributeView in github.com/siyuan-note/siyuan/kernel...
PT-2026-32054
Name of the Vulnerable Software and Affected Versions SiYuan versions 3.x through 3.6.3 Description An issue exists where the '/api/av/removeUnusedAttributeView' endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a...