6 matches found
SiYuan Vulnerable to Arbitrary File Read in Desktop Publish Service
Summary: In SiYuan, /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET /assets/path, which only requires authentication, a publish-service...
CVE-2026-26217
CVE-2026-26217 affects Crawl4AI
EUVD-2013-6289
Malware in sbrugna...
Butterfly Security Vulnerability
Butterfly is a modular web application framework open-sourced by OpenRefine. A security vulnerability exists in Butterfly versions prior to 1.2.6, which stems from improper handling of the file protocol in URLs, and could lead to path traversal, server-side request forgery, and cross-site scripti...
Multiple Apple Products WebKit Page Loading Component Logic Issue Vulnerability
Apple iOS is an operating system developed for mobile devices. Apple tvOS is an operating system for smart TVs. Apple iPadOS is an operating system for iPad tablets. WebKit Page Loading is one of the WebKit page loading components. A security vulnerability exists in the WebKit...
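WebKit Sandbox Security Restriction Bypass Vulnerability (CVE-2012-3697)
BUGTRAQ ID: 54697 CVE ID: CVE-2012-3697 WebKit is an open-source browser engine; comparable engines include Gecko (the layout engine used by Mozilla Firefox and others) and Trident (also known as MSHTML, the layout engine used by IE). WebKit is also the name of the Mac OS X system engine framework version, used mainly by Safari, Dashboard, Mail and some other Mac OS X programs. WebKit in Apple Safari versions before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass the intended sandbox restrictions and read arbitrary files by leveraging control of the web process. 0 Apple...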