EUVD-2026-33677
Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...
CVE-2026-6892
The CVE-2026-6892 entry concerns improper handling of symbolic links in the macOS installer for Canon CUPS Printer Driver (affecting Canon PIXUS iX6800 Series and MG2500 Series). The underlying issue is symbolic-links manipulation during installation, which could allow a local user with login pri...
Trend Micro Apex One Link Following Vulnerability
Trend Micro Apex One is endpoint protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a link following vulnerability, which stems from flaws in the scanning engine's link-following (symbolic link resolution) handling. This vulnerability may allow local attackers to gain elevated...
Microsoft Defender Link Following Vulnerability
Microsoft Defender is threat protection software developed by the American company Microsoft. Microsoft Defender has a link following vulnerability, which stems from improper link resolution before file access. This vulnerability could allow authorized attackers to gain local privileges...
CVE-2026-44335
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...
Tunnelblick Security Vulnerability
Tunnelblick is a graphical user interface for the OpenVPN client, developed by Tunnelblick. Security vulnerabilities exist in Tunnelblick versions 3.3beta26 through 9.0beta01. They stem from a symbolic link following flaw in tunnelblick-helper, which may allow any...
CVE-2026-35578
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked the 'Cancel' button on the page. For...
BuildKit Link Following Vulnerability
BuildKit is a concurrent, cache-efficient build toolkit developed by Moby. Versions of BuildKit prior to 0.28.1 contained a link following vulnerability. It stemmed from insufficient validation of the subdirectory component of Git URL fragments, which could allow access to files outside...
Improper Handling Of Symbolic Links
github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...
OpenClaw Link Following Vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.2 had a link following vulnerability. It stemmed from the stageSandboxMedia function not validating symbolic link targets, which could allow writing to files outside o...
Himmelblau Link Following Vulnerability
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 and 2.3.8 had a link following vulnerability, which was due to insufficient protection against symbolic links, potentially allowing local privilege escalation...
Zed Link Following Vulnerability
Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.225.9 contained a link following vulnerability. It stemmed from symbolic link escapes in the Agent file tool, which could lead to the exposure of sensitive data...
QNAP Systems QTS and QNAP Systems QuTS hero Link Following Vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are data storage and management software products developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.8.3350, as well as QNAP Systems QuTS hero versions prior to h5.3.2.3354 and...
PT-2026-7123
Vulnerable software and affected versions: Dell Display and Peripheral Manager for Windows, versions prior to 2.2. Description: Dell Display and Peripheral Manager for Windows contains a flaw related to Improper Link Resolution Before File Access ('Link Following') in the Installer and Service. A...
CVE-2025-69431
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...
PT-2026-5972
Vulnerable software and affected versions: ZSPACE Q2C NAS, affected versions not specified. Description: The ZSPACE Q2C NAS is affected by an issue involving incorrect symbolic link handling. An attacker can format a USB drive to ext4, create a symbolic link to its root directory, insert...
CVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...
Multiple Apple Products Security Vulnerability
Apple tvOS and other affected products are developed by Apple Inc. Apple tvOS is an operating system for smart TVs, Apple watchOS is an operating system for smart watches, and Apple macOS is an operating system developed for Mac computers. A security vulnerability exists in various Apple products that stems...
EUVD-2025-24255
Malicious code in bioql PyPI...
CVE-2025-5468
CVE-2025-5468 covers Ivanti products (Connect Secure, Policy Secure, ZTA Gateway, Neurons for Secure Access). The root cause is improper handling of symbolic links, enabling a local authenticated attacker to read arbitrary on-disk files. Affected versions include Ivanti Connect Secure before 22.7...