Lucene search
K

9 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42768

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
NVD
NVD
added 6 days ago6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS0.00248EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

0.00248EPSS
Exploits1References3
CVE
CVE
added 2026/05/14 3:36 p.m.37 views

CVE-2026-42590

Gotenberg contains a vulnerability (CVE-2026-42590) where ExifTool group-prefix syntax can bypass the dangerous-tag blocklist in metadata handling, allowing arbitrary file rename, move, hardlinks, and symlinks on the server. The issue exists prior to version 8.30.0; the safeKeyPattern and prefix ...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/07 12:55 a.m.15 views

GHSA-7V3R-M9C8-R855 Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:44 p.m.8 views

CVE-2020-9451

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...

5.5CVSS6.8AI score0.00384EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/04/26 4:15 p.m.26 views

CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5CVSS6AI score0.00334EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2020/06/25 7:35 a.m.117 views

Exploit for Link Following in Docker Desktop

CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...

7.2CVSS7AI score0.01435EPSS
Exploits2
Rows per page
Query Builder