CVE-2026-45148

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

CVE-2026-45148

SiYuan (open-source personal knowledge management) before v3.7.0 has broken access control in publish-mode, allowing Readers to enumerate metadata across documents via the searchAsset, searchTag, searchWidget, and searchTemplate endpoints. The issue arises when a publish-mode RoleReader accesses ...

CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.128 contained a path traversal vulnerability. This vulnerability stemmed from the listfiles tool not verifying the pattern parameter, allowing attackers to traverse relative...

Google Cloud Platform Compute Engine Instance Metadata Enumeration (Windows)

Binary data enumerategooglecomputeenginewin.nbin...

Google Cloud Platform Compute Engine Instance Metadata Enumeration (Unix)

The remote host appears to be a Google Compute Engine instance. Nessus was able to use the metadata API to collect information about the system. TRUSTED...