Lucene search
K

6 matches found

OSV
OSV
added 2026/02/10 5:47 p.m.8 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/10 5:47 p.m.3 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/10 5:47 p.m.28 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
CNVD
CNVD
added 2020/09/14 12:0 a.m.2 views

Ingenico Telium 2 POS File Read Bypass Vulnerability

Ingenico Telium 2 POS is a cash register system. A file read bypass vulnerability exists in Ingenico Telium 2 POS NTPT3, which can be exploited by a remote attacker to submit a special request to read the contents of a system file in the application context...

4.6CVSS6.9AI score0.00527EPSS
Exploits1References1
OSV
OSV
added 2019/05/01 3:29 a.m.4 views

CVE-2019-11628

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3,...

6.5CVSS5.8AI score0.00991EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/12/27 5:8 p.m.2 views

CVE-2017-17876

Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...

7.5CVSS5.6AI score0.09542EPSS
Exploits5References2
Rows per page
Query Builder