Lucene search
K

36 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score
Exploits0References2
NVD
NVD
added 2026/06/22 8:16 p.m.10 views

CVE-2026-44274

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS0.00127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.12 views

Dell iDRAC Tools < 11.4.1.0 Improper Link Resolution (DSA-2026-239)

According to its self-reported version, the Dell iDRAC Tools installation on the remote host is affected by a link following vulnerability. Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attack...

6CVSS6AI score0.00095EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:43 p.m.8 views

EUVD-2026-37781

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50524

Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 6:16 p.m.13 views

CVE-2026-41116

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS0.00085EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:31 p.m.8 views

CVE-2026-41116

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS5.4AI score0.00085EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 9:12 a.m.12 views

BIT-GITLAB-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 7:16 p.m.15 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS0.00341EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in libarchive

An improper link resolution flaw during the extraction of an archive can cause changes to the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim tries to extract the archive. A local attacker may...

7.8CVSS7.4AI score0.00367EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/19 12:0 a.m.24 views

VulnCheck KEV: CVE-2026-41091

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.08371EPSS
In wildExploits2References4
Snyk
Snyk
added 2026/03/31 4:54 p.m.2 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the policy resolution process in the Google Chat and Zalouser extensions. An attacker can gain unauthorized interaction with bots by exploiting a flaw where...

5.3CVSS5.9AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 3:16 p.m.6 views

CVE-2026-33578

OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...

5.3CVSS0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 5:11 p.m.3 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/05 3:16 p.m.8 views

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

7.1CVSS5.9AI score0.00179EPSS
Exploits0References4
OSV
OSV
added 2026/02/25 10:37 p.m.4 views

GHSA-MW96-CPMX-2VGC Rollup 4 has Arbitrary File Write via Path Traversal

Summary The Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames e.g., via CLI named inputs, manual chunk aliases, or...

9.3CVSS6.2AI score0.01402EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Fortinet FortiClientWindows 后置链接漏洞

Fortinet FortiClientWindows is a Windows-based mobile device security solution provided by the American company Fortinet. When connected to the FortiGate firewall device, this solution offers features such as IPsec and SSL encryption, wide-area network optimization, terminal compliance, and...

7.1CVSS7.2AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/01/29 7:16 p.m.6 views

CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...

5.1CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/11 6:30 p.m.4 views

EUVD-2025-93510

Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...

6.7CVSS6AI score0.00111EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 6:50 p.m.10 views

CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR

The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function...

8.7CVSS6.6AI score0.00397EPSS
Exploits1References2
Rows per page
Query Builder