
9767 matches found

EUVD
added 2026/04/01 12:5 a.m. | 4 views

EUVD-2026-17685

SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution...

CVSS 8.6 | AI score 6.2 | EPSS 0.00091
Exploits: 1 | References: 4
OSV
added 2026/04/01 12:5 a.m. | 1 views

GHSA-FF66-236V-P4FG SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

CVSS 8.6 | AI score 6.7 | EPSS 0.00091
Exploits: 1 | References: 6
Github Security Blog
added 2026/04/01 12:5 a.m. | 4 views

SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

CVSS 8.6 | AI score 6.7 | EPSS 0.00091
Exploits: 1 | References: 6 | Affected Software: 1
Vulnrichment
added 2026/04/01 12:0 a.m. | 1 views

CVE-2026-30289

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.00019
Exploits: 1 | References: 4
Cvelist
added 2026/04/01 12:0 a.m. | 21 views

CVE-2026-30289

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EPSS 0.00019
Exploits: 1 | References: 4
CNNVD
added 2026/04/01 12:0 a.m. | 3 views

Ora Tools PDF Reader security vulnerability

Ora Tools PDF Reader is a document reading tool developed by Ora Tools Corporation in China. It supports browsing and basic processing of PDF files. There is a security vulnerability in the APPv4.3.5 version of Ora Tools PDF Reader. This vulnerability stems from the possibility of arbitrary file...

CVSS 8.4 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 4
Cvelist
added 2026/04/01 12:0 a.m. | 27 views

CVE-2026-30287

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EPSS 0.00018
Exploits: 1 | References: 4
CVE
added 2026/04/01 12:0 a.m. | 5 views

CVE-2026-30292

CVE-2026-30292 affects Docudepot PDF Reader: PDF Viewer APP v1.0.34. The vulnerability is an arbitrary file overwrite via the file import process, which can result in arbitrary code execution or information exposure. The available connected reports confirm the issue and its impact but do not prov...

CVSS 8.4 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/01 12:0 a.m. | 1 views

CVE-2026-30291

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/01 12:0 a.m. | 1 views

CVE-2026-30287

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.00018
Exploits: 1 | References: 4
Vulnrichment
added 2026/04/01 12:0 a.m. | 0 views

CVE-2026-30292

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29519

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.00018
Exploits: 1 | References: 5
CNNVD
added 2026/04/01 12:0 a.m. | 4 views

Tinybeans Private Family Album App security vulnerability

Tinybeans Private Family Album App is a private album application developed by the American company Tinybeans. It is designed for recording and sharing family photos and moments of growth. The Tinybeans Private Family Album App v5.9.5-prod version has a security vulnerability. This vulnerability...

CVSS 8.4 | AI score 6.1 | EPSS 0.00019
Exploits: 1 | References: 4
Positive Technologies
added 2026/04/01 12:0 a.m. | 1 views

PT-2026-29520

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.00019
Exploits: 1 | References: 5
Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29660

Summary A path traversal vulnerability in /api/chats/import allows an authenticated attacker to write attacker-controlled files outside the intended chats directory by injecting traversal sequences into character name. Details character name is used unsafely as part of the destination filename an...

CVSS 8.1 | AI score 5.9 | EPSS 0.00075
Exploits: 1 | References: 6
CNNVD
added 2026/04/01 12:0 a.m. | 2 views

Python Install Manager security vulnerability

Python Install Manager is an open-source installation management tool for Python. Python Install Manager has a security vulnerability that stems from including the current working directory in the sys.path, which may allow malicious modules to be imported from a directory controlled by the attack...

CVSS 7.8 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 1
CVE
added 2026/04/01 12:0 a.m. | 5 views

CVE-2026-30291

CVE-2026-30291 affects Ora Tools PDF Reader/Editor (APP v4.3.5). The vulnerability allows arbitrary file overwrites through the file-import process, which can lead to arbitrary code execution or information exposure. Connected sources (Red Hat, ENISA EUVD, NVD, CVE lists) confirm the same descrip...

CVSS 8.4 | AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 4
Cvelist
added 2026/04/01 12:0 a.m. | 21 views

CVE-2026-30291

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EPSS 0.0002
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29532

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.0002
Exploits: 0 | References: 5
Cvelist
added 2026/04/01 12:0 a.m. | 17 views

CVE-2026-30292

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

EPSS 0.0002
Exploits: 0 | References: 4