PT-2026-48120

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the git discard function within api/workspace git.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a...

CVE-2026-49492

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

CVE-2026-49492 Markdown Preview Enhanced OS Command Injection in External File and Link Opening

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

CVE-2026-49492 Markdown Preview Enhanced OS Command Injection in External File and Link Opening

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latexengine code-chunk attribute. On Windows, a crafted...

EUVD-2026-34331

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

Markdown Preview Enhanced 操作系统命令注入漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained a vulnerability related to operating system command injection. This vulnerability stemmed from opening external files and links via the shell...

PT-2026-47023

Name of the Vulnerable Software and Affected Versions Markdown Preview Enhanced versions prior to 0.8.28 Description On Windows, the software opens external files and links from the preview through a shell without validating untrusted inputs from the markdown document. This allows for the injecti...

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

Hermes Web UI 后置链接漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to v0.51.221 contained a backlink vulnerability. This vulnerability was caused by a path traversal issue, which could allow attackers to escape the working area’s boundaries by...

PT-2026-46394

Name of the Vulnerable Software and Affected Versions Hermes WebUI versions prior to 0.51.221 Description A path traversal issue allows attackers to escape the workspace boundary by providing symlinks that resolve to files or directories outside the designated workspace root. By exploiting the...

Path Traversal

Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...

OSV-2026-728 Stack-buffer-overflow in autoload_external_files

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512622269 Crash type: Stack-buffer-overflow READ 4 Crash state: autoloadexternalfiles loadexternaloptsthread workerthread...

CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

Microsoft Teams Spoofing Vulnerability

Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally...

Path Traversal

Mako is vulnerable to Path Traversal. The vulnerability is due to inconsistent slash-stripping behavior in TemplateLookup.gettemplate, where URIs beginning with // can bypass path restrictions and access arbitrary files outside the intended template directory, allowing disclosure of files readabl...

Astra Linux – Vulnerability in libarchive

An improper link resolution flaw can occur during the extraction of an archive, resulting in changes to the mode, times, access control lists, and flags of a file within the archive. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim attempts to...

CVE-2026-41525

A flaw was found in KDE Dolphin. This vulnerability allows applications operating within a Flatpak or AppArmor sandbox to bypass security restrictions. By exploiting the FileManager1 protocol, a malicious application can prompt users to open files, including scripts or executables, located outsid...

UNIX Symbolic Link (Symlink) Following

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the include, render, and layout directories, when symlinks are placed within a trusted...