3 matches found
CVE-2026-58403
Hugo (static site generator) vulnerable from v0.123.0 through v0.163.0. A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, enabling os.ReadFile on a symlink to read the target file outside the mount. This could let a symlink inside a theme or ...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...
Design/Logic Flaw
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about...