CVE-2026-23851

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVE-2026-23851

SiYuan Note (v3.5.3–pre-3.5.4) contains a logic flaw in /api/file/globalCopyFiles that lets authenticated users copy files from arbitrary locations on the server filesystem into the app workspace due to missing validation of source paths against the workspace boundary. The vulnerability exists in...

PT-2026-3497

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4 Description SiYuan is a personal knowledge management system with a logic issue in the /api/file/globalCopyFiles API endpoint. The issue allows authenticated users to copy files from any location on the server’s...

ROS-20260119-7340

A vulnerability in the security/safesetid/securityfs.c component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

SUSE CVE-2025-71123

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parseapplysbmountoptions strscpypad can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 "string.h: Introduce memtostr and memtostrpad" provid...

MiracleLinux 7 : ocaml-4.01.0-22.7.el7 (AXSA:2016-530:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-530:01 advisory. Security issues fixed with this release: CVE-2015-8869 OCamel before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct...

RockyLinux 8 : firefox (RLSA-2026:0667)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

MiracleLinux 3 : gnome-vfs2-2.16.2-10.AXS3 (AXSA:2013-42:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-42:01 advisory. GNOME VFS is the GNOME virtual file system. It is the foundation of the Nautilus file manager. It provides a modular architecture and ships with several module...

MiracleLinux 4 : samba4-4.0.0-67.AXS4.rc4 (AXSA:2016-012:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-012:01 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2015-3223 The...

MiracleLinux 7 : samba-4.2.3-11.el7 (AXSA:2016-023:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-023:01 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2015-3223 The...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003977)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003977 advisory. A memory leak in the rpmsgeptdevwriteiter function in drivers/rpmsg/rpmsgchar.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memo...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003901)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003901 advisory. A memory leak in the cryptoreportstat function in drivers/virt/vboxguest/vboxguestutils.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001239 advisory. An issue was discovered in the Linux kernel through 4.17.2. vbgmiscdeviceioctl in drivers/virt/vboxguest/vboxguestlinux.c reads the same user data twice with...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003829)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003829 advisory. A memory leak in the bnxtrecreatesrq function in drivers/infiniband/hw/bnxtre/ibverbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003969)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003969 advisory. A use after free in the Linux kernel File System notify functionality was found in the way user triggers copyinforecordstouser call to fail in copyeventtouser. A loc...

MiracleLinux 4 : samba-3.6.23-24.AXS4 (AXSA:2016-013:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-013:01 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files an...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...