Lucene search
K

252 matches found

RedHat Linux
RedHat Linux
added 2 days ago6 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS7.2AI score0.00324EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41724

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
CVE
CVE
added 3 days ago13 views

CVE-2026-14699

CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added last week4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:40 a.m.6 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS7.4AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 12:26 p.m.5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.6 views

TencentOS Server 3: postgresql:15 (TSSA-2026:0555)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0555 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS7.5AI score0.00668EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5622 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd

Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd...

8.2CVSS5.8AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 5:37 p.m.28 views

CVE-2026-54094 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS0.0046EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 3:13 p.m.6 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS6AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 12:30 p.m.4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 10:35 a.m.4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 2:49 a.m.4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS6AI score0.00324EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 4:17 p.m.13 views

CVE-2026-56692

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS0.00131EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:34 p.m.7 views

EUVD-2026-38464

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 3:34 p.m.21 views

CVE-2026-56692

Vulnerability summary (CVE-2026-56692): NanoClaw prior to 2.1.17 contains a symlink-following flaw in forwardAttachedFiles that can exfiltrate host-readable files. The host validates attachments with isSafeAttachmentName, then copies via fs.copyFileSync, which follows symlinks without containment...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 3:34 p.m.37 views

CVE-2026-56692 NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS0.00131EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51524

Name of the Vulnerable Software and Affected Versions pwnlift versions prior to d7a9544 Description In a privileged deployment, the upload handler in 'Components/Pages/Home.razor' contains a symlink following issue. This occurs when the application follows symbolic links files that point to anoth...

7.4CVSS5.9AI score0.00142EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 8:17 p.m.4 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS6AI score0.00324EPSS
Exploits0References5
Rows per page
Query Builder