MAL-2026-4474 Malicious code in acc-document-editing (npm)
The DocumentEditor React component exported by this package, when an end-user opens a .doc file, POSTs the raw file bytes to...
CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...
Researchers Say Fiverr Left User Files Open to Google Search
Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure...
i2A CronosWeb Security Vulnerability
i2A CronosWeb is an integration and automation tool for SAP environments from the Spanish company i2A. A security vulnerability exists in i2A CronosWeb version 25.00.00.12 and prior versions, which stems from the manipulation of the documentCode parameter that could lead to accessing other user...
CVE-2024-53450
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents...
CVE-2024-53450
RAGFlow 0.13.0 is affected by improper access control in document-hooks.ts, enabling unauthorized access to user documents. The issue is documented across multiple feeds (Red Hat, NVD, OSV, CNNVD, etc.) with no explicit attacker/vector details provided in the core CVE entry, but the root cause is...
CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...
Querybook Data Forgery Vulnerability
Querybook is an open source big data query UI from Pinterest. A data forgery vulnerability exists in Querybook versions prior to 3.32.0; it stems from cross-site WebSocket hijacking, which allows an attacker to read, edit or delete a user's data documents...
Tennessee Valley Authority: Incorrect Authorization Allows Viewing Other Users' Uploaded Documents
Vulnerability description not provided...
SUSE CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of wiki platforms for building web collaboration applications, developed by the French company XWiki. A security vulnerability exists in XWiki Platform: a guest user who is not authorized to view a wiki page can still list documents related to the...
CVE-2020-7473
In certain situations, all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on th...
Citrix Systems Citrix ShareFile storage zones Controller path traversal vulnerability
Citrix ShareFile is a file sharing solution from Citrix Systems, Inc.; storage zones Controller is one of its storage zone controllers. A path traversal vulnerability exists in Citrix ShareFile storage zones Controller. An attacker can exploit this vulnerability to...
GitLab Directory Traversal Vulnerability
GitLab is a set of open source applications built on Ruby on Rails that implements a self-hosted Git repository hosting service. GitLab suffers from a directory traversal vulnerability because the program fails to properly check for symbolic links in user-supplied documents. A...