9 matches found
SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
Summary: The fix for CVE-2026-30869 in SiYuan v3.5.10 only added a denylist check `IsSensitivePath` but did not address the root cause — a redundant `url.PathUnescape` call in `serveExport`. An authenticated attacker can use double URL encoding `%252e%252e` to traverse directories and read arbitrary...
EUVD-2017-16854
Malware in sbrugna...
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database...
Description of the security update for SharePoint Server Subscription Edition Language Pack: December 14, 2021 (KB5002047)
Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common...
[ASA-201908-2] python-django: multiple issues
Arch Linux Security Advisory ASA-201908-2. Severity: Medium; Date: 2019-08-05; CVE-ID: CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235; Package: python-django; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-1015...
CVE-2017-7879
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database...
Lady Gaga website hacked and fans' details stolen by Hackers
Lady Gaga has called in police after thousands of her fans' personal details were stolen from her website. Her record label Universal acted after the site was hacked into by US cyber attackers SwagSec. A source said: "She's upset and hopes...
CVE-2001-0418
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter...
Security update 1970-01-01
...