Siyuan · Siyuan · CVE-2026-25992
**Name of the Vulnerable Software and Affected Versions**
SiYuan versions prior to 3.5.5
**Description**
The `/api/file/getFile` endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems, such as Windows, attackers can bypass these restrictions using mixed-case paths and read protected configuration files. This can lead to the disclosure of sensitive information, including access codes, API tokens, and sync configurations. The issue is remotely exploitable when the service is published without authentication. The root cause is path comparison using strict case-sensitive string matching with neither case normalization nor a same-file check. The vulnerable parameter is `path` in the request to the `/api/file/getFile` endpoint.
**Recommendations**
Versions prior to 3.5.5 should be updated to version 3.5.5 or later. Normalize path casing before comparison on Windows and macOS. Use file-level comparison methods such as `os.SameFile`. Apply blacklist validation on sensitive paths after case normalization.
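As an added illustration, not SiYuan's own code, the flawed comparison is shown beside a hardened check that follows the recommendations above. The deny-list file names are constructed placeholders, the `caseInsensitiveFS` flag stands in for a runtime platform check, and `root` is assumed to be the workspace directory.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Constructed deny list of workspace-relative files (placeholder names, not SiYuan's).
var protectedFiles = []string{"conf/access.json", "conf/sync.json"}

// isProtectedNaive mirrors the flawed check: exact, case-sensitive equality,
// so "conf/Access.json" passes although Windows opens the same file.
func isProtectedNaive(requested string) bool {
	for _, p := range protectedFiles {
		if requested == p {
			return true
		}
	}
	return false
}

// isProtectedHardened cleans the path, folds case on case-insensitive file
// systems, and then asks the OS whether both names denote one file
// (os.SameFile), which also catches links and other alternate spellings.
func isProtectedHardened(root, requested string, caseInsensitiveFS bool) bool {
	req := filepath.Clean(filepath.FromSlash(requested))
	for _, p := range protectedFiles {
		prot := filepath.Clean(filepath.FromSlash(p))
		a, b := req, prot
		if caseInsensitiveFS {
			a, b = strings.ToLower(a), strings.ToLower(b)
		}
		if a == b {
			return true
		}
		ri, err1 := os.Stat(filepath.Join(root, req))
		pi, err2 := os.Stat(filepath.Join(root, prot))
		if err1 == nil && err2 == nil && os.SameFile(ri, pi) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("naive:", isProtectedNaive("conf/Access.json"))                  // false (bypass)
	fmt.Println("hardened:", isProtectedHardened(".", "conf/Access.json", true)) // true
}
```

The string comparison alone is enough for the mixed-case case; the `os.SameFile` step matters once the requested name exists on disk under a different spelling or as a link.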