94 matches found
EUVD-2024-18120
Malicious code in bioql PyPI...
EUVD-2021-28223
Malicious code in bioql PyPI...
Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware
Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injecti...
CVE-2024-11857 Realtek Bluetooth HCI Adaptor - Privilege Escalation
Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary fil...
PT-2025-23457 · Realtek · Bluetooth Hci Adaptor
Name of the Vulnerable Software and Affected Versions: Bluetooth HCI Adaptor from Realtek (affected versions not specified). Description: The issue allows local attackers with regular privileges to create a symbolic link with the same name as a specific file, causing the product to delete arbitrary...
CVE-2024-56962
An issue in Tencent Technology Shanghai Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2023-28868
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link...
CVE-2022-45440
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a...
CVE-2022-39196
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced...
CVE-2021-26947
Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link...
CVE-2025-1683 Symbolic Link Exploit in 1E Client's Nomad module allows Arbitrary File Deletion
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...
CVE-2025-25324
An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link...
Govee Home security vulnerability
Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home version 6.5.01 that originates from an attacker being able to access sensitive user information by providing a carefully crafted link...
CVE-2024-56947
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2024-6450
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in the user's browser...
A vulnerability in the QTS operating system's network storage solutions on QNAP allows attackers to carry out XSS attacks.
The vulnerability in the QTS operating system and QNAP network storage devices exists due to insufficient data sanitization. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially crafted link...
ROS-2-1894
2.1894 Multiple Exim Server Vulnerabilities. 1. Vulnerability description: CVE-2020-28007: A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-2029
2.2029 Multiple Exim Server Vulnerabilities. 1. Vulnerability description: CVE-2020-28007: A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
CVE-2023-48496
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-2779
creationtimestamp | type | source
---|---|---
2023-06-20 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51534...