CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/17 12:0 a.m.•11 views

PT-2026-50562

Name of the Vulnerable Software and Affected Versions github workflows affected versions not specified Description The github workflows module constructs local directory paths using repository names provided by the user without validating for symlinks. A local attacker with access to the scan...

2.2CVSS5.2AI score0.00091EPSS

Snyk•added 2026/06/16 3:3 p.m.•7 views

Symlink Attack

Overview langchain-anthropic is an Integration package connecting Claude Anthropic APIs and LangChain Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path...

6.9CVSS5.9AI score0.0017EPSS

Exploits0References3

OPENSUSE Linux•added 2026/06/15 12:0 a.m.•4 views

Security update for python-python-dotenv (moderate)

openSUSE security update: security update for python-python-dotenv ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20952-1 Rating: moderate References: bsc1262423 Cross-References: CVE-2026-28684 CVSS scores: CVE-2026-28684 SUSE : 6.6...

6.6CVSS7.4AI score0.00236EPSS

Tenable Nessus•added 2026/06/13 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirection...

7CVSS5.7AI score0.00122EPSS

NVD•added 2026/06/12 9:16 p.m.•10 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS

OSV•added 2026/06/12 9:16 p.m.•9 views

DEBIAN-CVE-2026-54056

7.1CVSS5.7AI score0.00268EPSS

OSV•added 2026/06/12 8:16 p.m.•4 views

DEBIAN-CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS

Vulnrichment•added 2026/06/12 8:6 p.m.•6 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

7.6CVSS5.6AI score0.00268EPSS

CVE•added 2026/06/11 5:4 a.m.•42 views

CVE-2026-41001

CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...

5.3CVSS5.5AI score0.00094EPSS

OSV•added 2026/06/10 11:16 p.m.•4 views

DEBIAN-CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

5.5CVSS5.4AI score0.00128EPSS

NVD•added 2026/06/10 10:16 p.m.•8 views

CVE-2026-45384

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS0.00125EPSS

Cvelist•added 2026/06/10 8:0 p.m.•27 views

CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update

6.1CVSS0.00125EPSS

Vulnrichment•added 2026/06/10 8:0 p.m.•6 views

CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update

6.1CVSS5.5AI score0.00125EPSS

EUVD•added 2026/06/10 8:0 p.m.•7 views

EUVD-2026-36115

6.1CVSS5.5AI score0.00125EPSS

CVE•added 2026/06/10 8:0 p.m.•20 views

CVE-2026-45384

Summary of CVE-2026-45384 (bit7z) Affected: bit7z library (cross-platform C++ library used for archive compression/extraction). Vulnerability: Prior to v4.0.12, an arbitrary file overwrite vulnerability exists via a symlink attack on predictable temporary files during an archive update. This stem...

6.1CVSS5.5AI score0.00125EPSS

CNNVD•added 2026/06/10 12:0 a.m.•8 views

Ansible 后置链接漏洞

Ansible is an easy-to-use IT automation system developed under the open source license. Ansible has a post-installation link vulnerability, which originates from the Posix authorizedkey module. The keyfile function uses os.chown instead of os.lchown, and does not use ONOFOLLOW to open files, whic...

7.3CVSS5.2AI score0.00127EPSS

EUVD•added 2026/06/09 6:31 p.m.•6 views

EUVD-2026-35706

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS

Exploits0References6

Snyk•added 2026/06/09 5:4 p.m.•9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

6.9CVSS5.3AI score0.00388EPSS

Snyk•added 2026/06/09 5:4 p.m.•3 views

Symlink Attack

6.9CVSS5.3AI score0.00388EPSS