dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

WordPress Simple File List plugin <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action vulnerability

Missing Authorization to Unauthenticated File Modification via simplefilelisteditjob AJAX Action vulnerability discovered by WordFence in WordPress Plugin Simple File List versions = 6.3.7...

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

CVE-2026-11912

The CVE-2026-11912 entry documents a vulnerability in the WordPress Simple File List plugin (≤ 6.3.7) where insufficient authorization allows arbitrary file modification. The issue affects all versions up to 6.3.7 and enables unauthenticated attackers to delete/modify files on the server. The roo...

EUVD-2026-38105

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

CVE-2026-11912

The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is...

PT-2026-51132

Name of the Vulnerable Software and Affected Versions Simple File List versions prior to 6.3.8 Description The Simple File List plugin for WordPress contains insufficient authorization checks that allow unauthenticated attackers to delete and modify files on the server. This issue occurs within t...

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade...

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

EUVD-2026-35385

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

CVE-2026-42497

A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...

CVE-2026-8704

A flaw was found in Crypt-DSA for Perl. This vulnerability arises from the insecure use of the open function with two arguments, which can allow an attacker to modify existing files. This could lead to unauthorized alteration of data, impacting the integrity of the system. Mitigation Mitigation f...

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

CVE-2025-41670

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

PT-2026-46247

Name of the Vulnerable Software and Affected Versions GNCC GP5 version 7.1.76 Description A lack of runtime integrity allows physically-proximate attackers to bypass file system read-only protections. This enables the modification of system files and binaries for the duration of a boot session...