Lucene search
K

101 matches found

EUVD
EUVD
added 17 hours ago4 views

EUVD-2026-43541

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS7.2AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-15682

The CVE-2026-15682 vulnerability affects AnyDesk’s Send Support Information feature. By creating a junction, an attacker who can run low-privilege code locally can abuse the process to create arbitrary files, enabling a denial-of-service condition on affected installations. The flaw is localized ...

4.7CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday23 views

CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS
Exploits0References1
CVE
CVE
added 2026/04/01 4:8 p.m.18 views

CVE-2026-34603

CVE-2026-34603 affects TinaCMS: its media endpoints in @tinacms/cli (and related GraphQL handling) allow escaping the media root when symlinks or junctions exist in the media directory. The issue stems from lexical path-traversal checks that do not resolve symlink targets, enabling operations (li...

8.3CVSS5.8AI score0.00408EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 4:5 p.m.2 views

CVE-2026-34604 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed conten...

7.1CVSS5.8AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 12:25 a.m.4 views

GHSA-G9C2-GF25-3X67 @tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Summary @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - path.resolvepath.joinbaseDir, filepath - startsWithresolvedBase + path.sep That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...

7.1CVSS5.9AI score0.00372EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/01 12:25 a.m.9 views

@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions

Summary @tinacms/graphql uses string-based path containment checks in FilesystemBridge: - path.resolvepath.joinbaseDir, filepath - startsWithresolvedBase + path.sep That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/01 12:23 a.m.5 views

GHSA-G87C-R2JP-293W @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.17 views

PT-2026-29498

Name of the Vulnerable Software and Affected Versions Tina versions prior to 2.2.2 Description A path-traversal issue exists in Tina, a headless content management system, due to insufficient validation of file paths in the dev media routes. The implementation validates only the path string and...

8.3CVSS5.4AI score0.00408EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/29 8:39 a.m.3 views

CVE-2026-23563 Privilege escalation in TeamViewer DEX via DeleteFileByPath instruction

Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...

5.7CVSS5.9AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.7 views

PT-2026-5250

Name of the Vulnerable Software and Affected Versions TeamViewer DEX - 1E Client versions prior to 26.1 Description The software contains a flaw related to improper link resolution before file access. This issue, triggered by the 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction, allows a loca...

7.1CVSS5.7AI score0.00195EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/12/23 9:41 p.m.3 views

CVE-2025-12838 MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS7.2AI score0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/23 9:41 p.m.41 views

CVE-2025-12838 MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:41 p.m.15 views

CVE-2025-12838

MSP360 Free Backup is affected by a local privilege escalation vulnerability (CVE-2025-12838) in the restore functionality. The flaw allows an attacker who can run low-privileged code and must induce admin interaction to create a junction that enables arbitrary file creation, enabling privilege e...

7.3CVSS7.6AI score0.00147EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/11/11 12:0 a.m.6 views

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator ...

7.3CVSS7.4AI score0.00147EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2025/10/27 12:0 a.m.6 views

Veeam Agent for Microsoft Windows Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Veeam Agent for Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an...

7.3CVSS8.3AI score0.0016EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 8:13 a.m.16 views

CVE-2025-9968

CVE-2025-9968 affects the Armoury Crate product family, specifically the UnifyScanner component. A link following vulnerability can be triggered by crafting a junction, potentially allowing local privilege escalation. Impact is described as high for confidentiality and integrity with local attack...

8.5CVSS6.1AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-2328

Malware in sbrugna...

7.8CVSS7.4AI score0.00911EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-10040

Malware in sbrugna...

7.8CVSS7.5AI score0.01751EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-29006

Malware in sbrugna...

5.5CVSS5.6AI score0.00466EPSS
Exploits0References3
Rows per page
Query Builder