CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 - kubernetes: YAML parsing vulnerable to...

OPENSUSE-SU-2026:20554-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

CVE-2026-27485

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/packageskill.py a local helper script used when authors package skills previously followed symlinks while building .skill archives. If an author runs this script on a crafted local skill directory...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Pagure vulnerabilities (USN-7984-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7984-1 advisory. Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibl...

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...

GHSA-6PVW-G552-53C5 Git LFS may write to arbitrary files via crafted symlinks

Impact When populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. Git LFS has resolved this...

EUVD-2020-2272

Malware in sbrugna...

CVE-2025-57802 Airlink's Daemon Symlink Vulnerability

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...

CVE-2025-53109

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

CVE-2025-53109

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...

CVE-2020-15076

Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp...

CVE-2020-0785

An elevation of privilege vulnerability exists when the Windows User Profile Service ProfSvc improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'...

jgit: arbitrary file overwrite

Arbitrary File Overwrite in Eclipse JGit = 6.6.0 In Eclipse JGit, all versions = 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive...

RLSA-2022:8554 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Security Fixes: Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen...

UBUNTU-CVE-2019-11251

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be...

CVE-2011-4116

issafe in the File::Temp module for Perl does not properly handle symlinks...

CVE-2001-1171

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy...

CVE-2000-1156

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice...