4 matches found
AnythingLLM link following vulnerability
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a link following vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...
node-tar link following vulnerability
node-tar is a software package for file compression/decompression developed by isaacs. Versions of node-tar prior to 7.5.10 had a link following vulnerability. This vulnerability stemmed from the possibility of creating hard links pointing outside the extraction directory, which could lea...
CVE-2025-26625
A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...
PT-2024-36707 · Gitingest · Gitingest
Name of the Vulnerable Software and Affected Versions: gitingest versions before 9996a06. Description: The issue is related to the mishandling of symbolic links that point outside of the base directory. This can lead to a symbolic link traversal vulnerability. Recommendations: For gitingest versio...