6660 matches found

EUVD
added 2026/01/21 1:2 a.m., 9 views

EUVD-2026-3292

SiYuan vulnerable to Arbitrary file Read / SSRF...

8.8 CVSS, 5.3 AI score, 0.00522 EPSS
Exploits: 1, References: 7
Positive Technologies
added 2026/01/21 12:0 a.m., 5 views

PT-2026-3871

Name of the Vulnerable Software and Affected Versions: Copier versions prior to 9.11.2. Description: Copier, a library and CLI app for rendering project templates, exhibited a flaw where it incorrectly identified templates as safe, even if they contained arbitrary files and directories outside the...

6.8 CVSS, 5.5 AI score, 0.002 EPSS
Exploits: 1, References: 8
CNNVD
added 2026/01/21 12:0 a.m., 6 views

5ire security vulnerabilities

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained security vulnerabilities. These vulnerabilities stemmed from insecure HTML rendering, which allowed unauthorized HTML execution. This could allow attackers to inject malicio...

9.6 CVSS, 6.1 AI score, 0.00713 EPSS
Exploits: 1, References: 3
Positive Technologies
added 2026/01/21 12:0 a.m., 6 views

PT-2026-3863

Name of the Vulnerable Software and Affected Versions: 5ire versions prior to 0.15.3. Description: 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on event attributes...

9.6 CVSS, 5.9 AI score, 0.00713 EPSS
Exploits: 1, References: 10
RedhatCVE
added 2026/01/20 8:22 p.m., 6 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

8.8 CVSS, 5.6 AI score, 0.00522 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : grub2-2.02-142.el8.1.ML.1 (AXSA:2023-4726:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4726:01 advisory. grub2: Buffer overflow in grub_font_construct_glyph can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) grub2: Heap based...

8.6 CVSS, 8.2 AI score, 0.00872 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : thunderbird-102.5.0-2.el9.ML.1 (AXSA:2023-5045:06)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5045:06 advisory. Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) Mozilla: Fullscreen notification bypass (CVE-2022-45404)...

9.8 CVSS, 8.2 AI score, 0.01061 EPSS
Exploits: 0, References: 14
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : tigervnc-1.13.1-10.el8 (AXSA:2024-8341:11)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8341:11 advisory. xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080) xorg-x11-server: Heap buffer overread/data leakage in...

7.8 CVSS, 7.5 AI score, 0.01843 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : grub2-2.06-46.el9.3.ML.1 (AXSA:2023-5114:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5114:03 advisory. grub2: Buffer overflow in grub_font_construct_glyph can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601) grub2: Heap based...

8.6 CVSS, 7.4 AI score, 0.00872 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : firefox-102.5.0-1.el8.ML.1 (AXSA:2023-4657:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4657:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403) Mozilla: Fullscreen notification bypass (CVE-2022-45404)...

9.8 CVSS, 5.8 AI score, 0.01061 EPSS
Exploits: 0, References: 14
NVD
added 2026/01/19 8:15 p.m., 7 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

8.8 CVSS, 0.00522 EPSS
Exploits: 1, References: 6
ATTACKERKB
added 2026/01/19 7:52 p.m., 5 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

8.8 CVSS, 5.5 AI score, 0.00522 EPSS
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2026/01/19 7:52 p.m., 19 views

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

8.8 CVSS, 0.00522 EPSS
Exploits: 1, References: 6
Vulnrichment
added 2026/01/19 7:52 p.m., 4 views

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

8.8 CVSS, 5.6 AI score, 0.00522 EPSS
Exploits: 1, References: 6
CVE
added 2026/01/19 7:52 p.m., 29 views

CVE-2026-23850

SiYuan vulnerable to SSRF/LFD via createDocWithMd: unsanitized markdown can reach local files or internal resources. Affected versions prior to 3.5.4; fix is 3.5.4+. Public sources (OSV, GHSA, Snyk, Red Hat) describe SSRF through markdown handling in kernel/model/file.go and kernel/api/filetree.g...

8.8 CVSS, 5.6 AI score, 0.00522 EPSS
Exploits: 1, References: 6, Affected Software: 1
RedHat Linux
added 2026/01/19 12:25 p.m., 7 views

Moderate: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.1 CVSS, 6.5 AI score, 0.00218 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2026/01/19 7:53 a.m., 6 views

Moderate: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.1 CVSS, 6.5 AI score, 0.00218 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2026/01/19 3:14 a.m., 3 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drm_sched_job_add_dependency consumes a fence reference and then later erroneously attempts to free it again (double free). This may lead to memory corruption and, in some configurations...

5.7 AI score, 0.00183 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/01/19 12:0 a.m., 4 views

SiYuan path traversal vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4 contained a path traversal vulnerability. This vulnerability stemmed from the markdown feature, which allowed unlimited server-side HTML rendering, potentially leading to...

8.8 CVSS, 5.9 AI score, 0.00522 EPSS
Exploits: 1, References: 7
Positive Technologies
added 2026/01/19 12:0 a.m., 4 views

PT-2026-3496

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.4. Description: The markdown feature in SiYuan allows unrestricted server-side HTML rendering, which can lead to arbitrary file read (LFD) and Server-Side Request Forgery (SSRF). This issue occurs because the markdown...

8.8 CVSS, 5.7 AI score, 0.00522 EPSS
Exploits: 1, References: 15