444 matches found
UBUNTU-CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
CVE-2026-44470
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...
CVE-2026-44470 Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...
CVE-2026-44470
CVE-2026-44470 affects the Claude Desktop application for Windows, specifically the CoworkVMService component. Prior to version 1.3834.0, the service ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NTFS directory junction before creating files. A loca...
EUVD-2026-30049
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...
CVE-2026-44470
The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...
Claude Code 后置链接漏洞
Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...
Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2025-2276 Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability May 4, 2026 CVE Number CVE-2025-58074 SUMMARY A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Stor...
Tenable Nessus Agent < 11.1.3 Arbitrary File Deletion (TNS-2026-12)
According to its self-reported version, the Tenable Nessus Agent running on the remote Windows host is prior to 11.1.3. It is, therefore, affected by an arbitrary file deletion vulnerability as referenced in the TNS-2026-12 advisory. - A vulnerability exists in Nessus Agent on Windows where an...
EUVD-2026-25265
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...
CVE-2026-33694
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...
[R1] Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion
R1 Nessus Versions 10.11.4 and 10.12.0 Fixes Arbitrary File Deletion Jason Schavel Thu, 04/23/2026 - 14:30 A vulnerability has been identified in Nessus on Windows where an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition...
[R1] Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion
R1 Nessus Agent Version 11.1.3 Fixes Arbitrary File Deletion Jason Schavel Thu, 04/23/2026 - 14:10 A vulnerability has been identified in Nessus Agent on Windows where an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition...
CVE-2026-33694 Junction File Manipulation
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...
CVE-2026-33694 Junction File Manipulation
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...
CVE-2026-33694
This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYST...
CVE-2026-33694
CVE-2026-33694 describes a junction file manipulation vulnerability where an attacker can create a junction to delete arbitrary files with SYSTEM privileges, potentially enabling arbitrary code execution at SYSTEM level. The description explicitly notes elevated privileges and the possibility of ...
PT-2026-34718
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue allows an attacker to create a junction, which enables the deletion of arbitrary files with SYSTEM privileges. This condition potentially facilitates...
GHSA-FFGH-3JRF-8WVH Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision
Impact Weblate repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses startswith against the repository root path. This is not path-segment aware and can be bypassed when the external path shares the same string prefix as t...
@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions
Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...