3 matches found
CVE-2026-32749 SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...
EUVD-2026-12131
SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage...
SiYuan 路径遍历漏洞
SiYuan is a privacy-first personal knowledge management system from SiYuan open source. A path traversal vulnerability exists in SiYuan versions prior to 3.1.16, which stems from vulnerability to cross-site scripting attacks that write to and store arbitrary files on the host...