CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

GO-2026-4842 SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel

SiYuan has Arbitrary Document Reading within the Publishing Service in github.com/siyuan-note/siyuan/kernel...

GHSA-XMW9-6R43-X9WW SiYuan has directory traversal within its publishing service

Details The /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. PoC python !/usr/bin/env python3 """POC: SiYuan /api/file/readDir 未鉴权目录遍历""" import requests, json, sys def poctarget: base = target.rstrip"/" url = f"base/api/file/readDir"...

GHSA-34XJ-66V3-6J83 SiYuan has Arbitrary Document Reading within the Publishing Service

Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. PoC python !/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def...

SiYuan has Arbitrary Document Reading within the Publishing Service

Details Document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. PoC python !/usr/bin/env python3 """SiYuan /api/block/getChildBlocks 文档内容读取""" import requests import json import sys def...

Adobe Acrobat Reader XML External Entity Injection Vulnerability

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an XML External Entity Injection vulnerability that originates from a network system or product that is not set up with the correct filters ...

Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has an XML External Entity Injection vulnerability that originates from a network system or product that is not set up with the correct filters ...

Adobe Acrobat and Adobe Reader Resource Management Error Vulnerability (CNVD-2022-56089)

Adobe Acrobat and Adobe Reader are the United States of America Odo than Adobe company's products. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader there are resource management error...

Multiple Adobe Products Uninitialized Pointer Access Vulnerabilities (CNVD-2022-87167)

Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. A number of Adobe products exist uninitialized pointer access vulnerability, the vulnerability arises from the existence of a post-release reuse error when processing PDF files...

CVE-2000-0884

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability...

ie50.xml.txt

Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer applies, especially the fact that Georgi Guninski is not liable for any damages caused by direct or indirect use of the information or functionality provided by this...