Lucene search

8 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. · 11 views

CVE-2026-42590

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2 CVSS · 5.9 AI score · 0.0029 EPSS
Exploits 1 · References 1
CVE
added 2026/05/06 8:46 p.m. · 33 views

CVE-2026-40281

Gotenberg 8.x (

10 CVSS · 6 AI score · 0.00611 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/06 8:46 p.m. · 12 views

CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10 CVSS · 6 AI score · 0.00611 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2009-1889

Malware in sbrugna...

7.2 CVSS · 6 AI score · 0.00736 EPSS
Exploits 6 · References 20
NVD
added 2017/09/15 10:29 a.m. · 21 views

CVE-2017-14484

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search GIMPS allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed...

7.3 CVSS · 7.4 AI score · 0.00268 EPSS
Exploits 0 · References 1
OSV
added 2009/07/17 4:30 p.m. · 5 views

CVE-2009-1894

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink...

6.2 AI score
Exploits 0 · References 18
Positive Technologies
added 2009/07/17 12:0 a.m. · 4 views

PT-2009-4355 · Pulseaudio · Pulseaudio

Name of the Vulnerable Software and Affected Versions: PulseAudio versions 0.9.9 through 0.9.14. Description: A race condition exists that allows local users to gain privileges. This issue involves the creation of a hard link and is related to the application setting LD_BIND_NOW to 1, and then...

7.2 CVSS · 6 AI score · 0.00736 EPSS
Exploits 6 · References 21
securityvulns
added 2002/06/13 12:0 a.m. · 31 views

Multiple bugs in QNX

User can create the hard link for a file not owned by him. ptrace can be attached to suid process, signals may be passed to any process, buffer overflows and privilege escalations in many utilities...

1.8 AI score
Exploits 0 · References 3 · Affected Software 1