Lucene search
K

26 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39122

SiYuan: Path Traversal via Double URL Encoding in /assets/path publish mode arbitrary file─read, Incomplete fix of CVE-2026-41894...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 9:13 p.m.16 views

CVE-2026-54066

SiYuan

7.5CVSS6AI score0.01892EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52107

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description An unauthenticated remote attacker can read arbitrary files within the WorkspaceDir when the system is in publish mode, which is an anonymous read-only HTTP endpoint. This is achieved by using...

7.5CVSS6.2AI score0.01892EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/24 6:56 p.m.4 views

CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

7.1CVSS5.6AI score0.00313EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 6:56 p.m.20 views

EUVD-2026-25626

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

9.8CVSS5.6AI score0.01028EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/13 12:0 a.m.5 views

CVE-2025-70936

Vtiger CRM 8.4.0 contains a reflected cross-site scripting XSS vulnerability in the MailManager module. Improper handling of user-controlled input in the folder parameter allows a specially crafted, double URL-encoded payload to be reflected and executed in the context of an authenticated user s...

5.7AI score0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/04/13 12:0 a.m.16 views

CVE-2025-70936

Vtiger CRM 8.4.0 is affected by a reflected XSS in the MailManager module, caused by improper handling of user-controlled input in the _folder parameter. The payload is reflected and executed in an authenticated user session, using a double URL-encoded input. The available connected sources confi...

5.4CVSS5.7AI score0.00138EPSS
Exploits0References2
OSV
OSV
added 2026/01/19 9:30 a.m.4 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/19 8:36 a.m.2 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

5.5AI score0.00744EPSS
Exploits0References1
CVE
CVE
added 2026/01/19 8:36 a.m.20 views

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Astro 安全漏洞

Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.15.7 and below, which stems from a double URL encoding bypass that could allow an unauthenticated attacker to access protected routes...

6.5CVSS6.5AI score0.00284EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/08 4:26 p.m.10 views

Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

Authentication Bypass via Double URL Encoding in Astro Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794 --- Summary A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. Whi...

6.9CVSS7.3AI score0.00481EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30380

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00839EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/09/22 6:30 p.m.8 views

H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.3AI score0.00839EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2025/09/22 6:30 p.m.2 views

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS6.1AI score0.00839EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/21 9:0 a.m.10 views

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS0.00839EPSS
Exploits1References2
OSV
OSV
added 2025/09/21 9:0 a.m.4 views

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS6.1AI score0.00839EPSS
Exploits1References4
Prion
Prion
added 2023/01/13 6:15 a.m.24 views

Path traversal

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within t...

6.4CVSS9.2AI score0.05796EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/11 4:58 p.m.392 views

CVE-2022-3782

CVE-2022-3782 affects Keycloak / Red Hat Single Sign-On: path traversal via double URL encoding due to improper validation of redirect URLs, enabling an attacker to traverse to arbitrary files within the domain when wildcard Redirect URIs are used. Connected sources confirm the issue and indicate...

9.1CVSS8.9AI score0.05796EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/12/13 7:44 p.m.51 views

GHSA-G8Q8-FGGX-9R3Q Keycloak vulnerable to path traversal via double URL encoding

Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks...

9.1CVSS8.6AI score0.05796EPSS
Exploits0References5
Rows per page
Query Builder