
39 matches found

OSV
added 2026/05/29 4:3 p.m. | 13 views

RLSA-2026:19134 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877); golang: internal/syscall/unix: Root.Chmod can follow symlinks out of...

7.8 CVSS | 5.8 AI score | 0.00449 EPSS
Exploits 0 | References 4
Github Security Blog
added 2026/05/29 3:40 p.m. | 10 views

Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Summary: Froxlor 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to `/.ssh/authorized_keys` under a customer-controlled home directory without verifying that the target path is not a symbolic...

8.8 CVSS | 6 AI score | 0.0058 EPSS
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/05/05 12:15 p.m. | 5 views

CVE-2026-7832 IObit Advanced SystemCare Service ASC.exe symlink

A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking locally is a requirement. This attack is characterized by high complexity. It is indicated that...

7.3 CVSS | 5.2 AI score | 0.00131 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/10 12:30 a.m. | 4 views

EUVD-2026-21080

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file lin...

7.3 CVSS | 5.9 AI score | 0.00129 EPSS
Exploits 0 | References 2
EUVD
added 2026/03/19 3:30 a.m. | 5 views

EUVD-2026-13019

OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...

7.1 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/03/10 12:0 a.m. | 7 views

PT-2026-24244

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientLinux versions 7.2.2 through 7.2.12; Fortinet FortiClientLinux versions 7.4.0 through 7.4.4. Description: A flaw exists in Fortinet FortiClientLinux that involves a symbolic link (Symlink) following issue. This can allow a local...

7.8 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits 1 | References 9
NVD
added 2026/01/23 9:15 p.m. | 9 views

CVE-2026-1386

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at...

6 CVSS | 0.00195 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/11/14 2:59 p.m. | 5 views

CVE-2025-30662

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

6.6 CVSS | 6.3 AI score | 0.0011 EPSS
Exploits 0 | References 1
NVD
added 2025/11/13 3:15 p.m. | 4 views

CVE-2025-30662

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

6.6 CVSS | 0.0011 EPSS
Exploits 0 | References 1
EUVD
added 2025/11/13 2:53 p.m. | 5 views

EUVD-2025-175306

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access...

6.6 CVSS | 5.7 AI score | 0.0011 EPSS
Exploits 0 | References 2
CVE
added 2025/11/13 2:53 p.m. | 10 views

CVE-2025-30662

The CVE-2025-30662 issue is a symlink-following flaw in the macOS installer for Zoom Workplace VDI Plugin, affecting Universal installers prior to 6.3.14, 6.4.14, and 6.5.10. The root cause is symlink following during installation, which could allow an authenticated user to disclose information v...

6.6 CVSS | 5.8 AI score | 0.0011 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2025/11/13 12:0 a.m. | 5 views

PT-2025-46835

Name of the Vulnerable Software and Affected Versions: Zoom Workplace VDI Plugin versions 6.3.0 through 6.3.13; Zoom Workplace VDI Plugin versions 6.4.0 through 6.4.13; Zoom Workplace VDI Plugin versions 6.5.0 through 6.5.9. Description: The installer for the Zoom Workplace VDI Plugin on macOS is...

6.6 CVSS | 6 AI score | 0.0011 EPSS
Exploits 0 | References 3
OSV
added 2025/11/07 11:4 p.m. | 5 views

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...

5 CVSS | 7 AI score | 0.00187 EPSS
Exploits 1 | References 6
Positive Technologies
added 2025/11/06 12:0 a.m. | 6 views

PT-2025-45511

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.5.3; KubeVirt versions prior to 1.6.1. Description: KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw that permits a virtual machine (VM) to read arbitrary files from the virt-launcher pod's...

6.5 CVSS | 5.4 AI score | 0.00421 EPSS
Exploits 1 | References 15
Positive Technologies
added 2025/11/03 12:0 a.m. | 4 views

PT-2025-44840

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8.2; macOS versions prior to Sequoia 15.7.2. Description: An application may be able to access protected user data due to improved handling of symlinks. Recommendations: Update to macOS Sonoma version 14.8.2 or...

5.5 CVSS | 6.5 AI score | 0.00213 EPSS
Exploits 0 | References 5
NVD
added 2025/10/13 3:16 p.m. | 3 views

CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain a UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrar...

7.1 CVSS | 0.00119 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/10/07 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: multipath-tools (UTSA-2025-680596)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680596 advisory. multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to acces...

7.8 CVSS | 7.5 AI score | 0.00658 EPSS
Exploits 5 | References 4
Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-25321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud...

7.8 CVSS | 7.2 AI score | 0.00441 EPSS
Exploits 1 | References 2
Vulnrichment
added 2025/08/14 4:8 p.m. | 6 views

CVE-2025-54867 Youki Symlink Following Vulnerability

Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...

7 CVSS | 7.3 AI score | 0.00161 EPSS
Exploits 0 | References 3
Snyk
added 2025/06/24 4:57 a.m. | 3 views

UNIX Symbolic Link (Symlink) Following

Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via improper checks of a path's existence under the .git directory. An attacker can execute arbitrary commands with the privileges of the configured account in RUNUSER. By exploiting this flaw, an...

10 CVSS | 7.7 AI score | 0.00952 EPSS
Exploits 0 | References 2