98 matches found
CVE-2026-34603
CVE-2026-34603 affects TinaCMS: its media endpoints in @tinacms/cli (and related GraphQL handling) allow escaping the media root when symlinks or junctions exist in the media directory. The issue stems from lexical path-traversal checks that do not resolve symlink targets, enabling operations (li...
CVE-2026-34604 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...
GHSA-G9C2-GF25-3X67 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
Summary: @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - `path.resolve(path.join(baseDir, filepath))` - `startsWith(resolvedBase + path.sep)` That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...
@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions
Summary: @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - `path.resolve(path.join(baseDir, filepath))` - `startsWith(resolvedBase + path.sep)` That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...
GHSA-G87C-R2JP-293W @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...
PT-2026-29498
Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...
CVE-2026-23563 Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction
Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...
PT-2026-5250
Name of the Vulnerable Software and Affected Versions TeamViewer DEX - 1E Client versions prior to 26.1 Description The software contains a flaw related to improper link resolution before file access. This issue, triggered by the 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction, allows a loca...
CVE-2025-12838
MSP360 Free Backup is affected by a local privilege escalation vulnerability (CVE-2025-12838) in the restore functionality. The flaw allows an attacker who can run low-privileged code, and who must induce admin interaction, to create a junction that enables arbitrary file creation, enabling privilege e...
CVE-2025-12838 MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...
Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...
CVE-2025-9968
CVE-2025-9968 affects the Armoury Crate product family, specifically the UnifyScanner component. A link following vulnerability can be triggered by crafting a junction, potentially allowing local privilege escalation. Impact is described as high for confidentiality and integrity with local attack...
EUVD-2021-13521
Malware in sbrugna...
EUVD-2019-10040
Malware in sbrugna...
EUVD-2020-2328
Malware in sbrugna...
EUVD-2020-29006
Malware in sbrugna...
EUVD-2020-2324
Malware in sbrugna...
EUVD-2020-12281
Malware in sbrugna...