
50 matches found

CNNVD
added 2026/06/10 12:0 a.m. | 1 views

bit7z link following vulnerability

bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 had a post-installation link vulnerability. This vulnerability stemmed from the use of symbolic links during archive updates, allowing for arbitrary file overwriting...

CVSS 6.1 | AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 1
CNNVD
added 2026/06/10 12:0 a.m. | 2 views

Assisted Migration Agent link following vulnerability

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

CVSS 9.6 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1
CNNVD
added 2026/06/10 12:0 a.m. | 3 views

Debusine link following vulnerability

Debusine is a software supply management platform for the Debian community, focused on package building, testing, analysis, and distribution. Debusine has a post-installation vulnerability that stems from allowing arbitrary user-controlled paths during the parsing of Debian source packages and th...

CVSS 6.5 | AI score 5.4 | EPSS 0.00269
Exploits: 0 | References: 2
CNNVD
added 2026/06/09 12:0 a.m. | 1 views

Microsoft Winlogon link following vulnerability

Microsoft Winlogon is a component built into the Windows NT series operating system developed by Microsoft. There is a post-release vulnerability in Microsoft Winlogon. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected: Windows ...

CVSS 7.8 | AI score 5.3 | EPSS 0.02536
Exploits: 0 | References: 2
CNNVD
added 2026/06/04 12:0 a.m. | 1 views

Froxlor link following vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 2.3.6 of Froxlor contains a post-installation link vulnerability. This vulnerability stems from a symbolic link follow-up flaw in the SSH key synchronization path, which may allow root access via SSH...

CVSS 8.8 | AI score 5.3 | EPSS 0.0058
Exploits: 0 | References: 2
Cvelist
added 2026/05/27 1:55 p.m. | 34 views

CVE-2026-7365 IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVSS 8.4 | EPSS 0.00122
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/27 1:55 p.m. | 8 views

CVE-2026-7365 IBM Operations Analytics - Log Analysis is affected by Information disclosure due to default passwords not being forced to be changed on post-installation

IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVSS 8.4 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 1
CNNVD
added 2026/05/18 12:0 a.m. | 12 views

cramfs-tools link following vulnerability

cramfs-tools is a compression read-only file system tool developed by Nicolas Pitre. Versions of cramfs-tools prior to 2.2 had a post-installation link vulnerability. This vulnerability stemmed from the operation of the changefilestatus function in the cramfsck.c file, which allowed symbolic link...

CVSS 4.6 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 1
CNNVD
added 2026/05/13 12:0 a.m. | 6 views

vm2 link following vulnerability

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. In version 3.10.5 of vm2, there was a post-installation vulnerability that could lead to remote code execution. This vulnerability...

CVSS 8.5 | AI score 6.1 | EPSS 0.00626
Exploits: 1 | References: 1
CNNVD
added 2026/05/12 12:0 a.m. | 5 views

HashiCorp Nomad and HashiCorp Nomad Enterprise link following vulnerability

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...

CVSS 6 | AI score 5.9 | EPSS 0.00169
Exploits: 0 | References: 1
CNNVD
added 2026/04/23 12:0 a.m. | 6 views

Froxlor link following vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 had a post-installation link vulnerability. This vulnerability stemmed from the DataDump.add function not passing the $fixedhomedir parameter when constructing the export...

CVSS 7.5 | AI score 5.8 | EPSS 0.00414
Exploits: 1 | References: 1
CNNVD
added 2026/04/22 12:0 a.m. | 8 views

uutils coreutils link following vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a post-installation link vulnerability. This vulnerability stems from the rm utility allowing bypass of the --preserve-root protection. Instead of using device and inode numbers fo...

CVSS 7.7 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 1
CNNVD
added 2026/04/22 12:0 a.m. | 6 views

uutils coreutils link following vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a post-installation link vulnerability. This vulnerability arises because the tail utility may disclose sensitive file contents when using the --follow=name option. Unlike GNU tail...

CVSS 5.3 | AI score 5.7 | EPSS 0.00096
Exploits: 1 | References: 1
CNNVD
added 2026/04/22 12:0 a.m. | 4 views

uutils coreutils link following vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a post-installation link vulnerability, which stems from a race condition. This vulnerability could allow attackers to bypass the intended references, enabling the privileged cp process to cop...

CVSS 4.7 | AI score 5.9 | EPSS 0.00105
Exploits: 1 | References: 1
CNNVD
added 2026/04/22 12:0 a.m. | 5 views

uutils coreutils link following vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. uutils coreutils has a post-installation link vulnerability, which arises from improper handling of directories containing symbolic links during the mv command’s file system boundary movement. This vulnerability m...

CVSS 6.6 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 1
OSV
added 2026/04/08 7:15 p.m. | 1 views

GHSA-8RH5-4MVX-XJ7J CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass

Summary: The install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block post-installation access to the setup wizard. When the database is temporarily unreachable during a cache miss (TTL expiry or admin-triggered cache clear), the...

CVSS 8.1 | AI score 6 | EPSS 0.00421
Exploits: 1 | References: 4
Cvelist
added 2026/04/08 2:31 p.m. | 19 views

CVE-2026-39393 Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the install route guard in ci4ms relies solely on a volatile cache check (cache('settings')) combined with .env file existence to block...

CVSS 8.1 | EPSS 0.00421
Exploits: 1 | References: 1
CVE
added 2026/04/08 2:31 p.m. | 5 views

CVE-2026-39393

CVE-2026-39393 affects the ci4ms CodeIgniter 4-based CMS skeleton. Before 0.31.4.0, the install route guard uses a volatile cache check (cache('settings')) and .env existence to block setup access; if the database is temporarily unreachable during a cache miss, the guard can fail open, allowing a...

CVSS 8.1 | AI score 5.9 | EPSS 0.00421
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Microsoft Winlogon link following vulnerability

Microsoft Winlogon is a component built into the Windows NT series operating system developed by Microsoft. There is a post-release vulnerability in Microsoft Winlogon. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected: Windows ...

CVSS 7.8 | AI score 6 | EPSS 0.03178
Exploits: 1 | References: 1
CNNVD
added 2026/02/12 12:0 a.m. | 3 views

Intego Personal Backup link following vulnerability

Intego Personal Backup is a backup tool developed by the Intego company. Intego Personal Backup has a post-installation vulnerability that stems from the fact that backup task definitions are stored in a location that can be written to by non-privileged users. However, these tasks are processed...

CVSS 8.5 | AI score 6.8 | EPSS 0.00181
Exploits: 0 | References: 5