755 matches found
EUVD-2026-41579
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...
EUVD-2026-41546
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...
CVE-2026-46464
Dell PowerProtect Data Domain contains an improper link resolution before file access vulnerability (CVE-2026-46464) affecting 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. A high‑privileged, remote attacker could cause information disclosure. Th...
EUVD-2026-41542
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...
CVE-2026-46468
CVE-2026-46468 affects Dell PowerProtect Data Domain: affected versions include 7.7.1.0–8.7, and specific LTS2024/2025/2026 ranges. The issue is an improper link resolution before file access (link following) that can be exploited by a high-privilege, local attacker to cause information exposure....
EUVD-2026-41532
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'link following' vulnerabilit...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
GO-2026-5622 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore in github.com/containerd/containerd...
CVE-2026-54094 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...
CVE-2026-56692
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...
Security Bulletin: SSRF via HTTP Redirect Following in Langflow API Request Component
Summary Langflow OSS contains SSRF vulnerability in API Request component allowing authenticated flow authors to read localhost/private HTTP services via redirect following. APIRequestComponent.makeapirequest validates only initial URL with validateandresolveurl and pins DNS for initial hostname,...
CVE-2026-56692 NanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFiles
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...
EUVD-2026-38464
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...
CVE-2026-56692
Vulnerability summary (CVE-2026-56692): NanoClaw prior to 2.1.17 contains a symlink-following flaw in forwardAttachedFiles that can exfiltrate host-readable files. The host validates attachments with isSafeAttachmentName, then copies via fs.copyFileSync, which follows symlinks without containment...