36 matches found
EUVD-2026-42056
AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...
CVE-2026-44274
Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
Dell iDRAC Tools < 11.4.1.0 Improper Link Resolution (DSA-2026-239)
According to its self-reported version, the Dell iDRAC Tools installation on the remote host is affected by a link following vulnerability. Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attack...
EUVD-2026-37781
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...
PT-2026-50524
Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...
CVE-2026-41116
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-41116
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
BIT-GITLAB-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...
CVE-2026-4868
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...
Astra Linux – Vulnerability in libarchive
An improper link resolution flaw during the extraction of an archive can cause changes to the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, triggering this flaw when the victim tries to extract the archive. A local attacker may...
VulnCheck KEV: CVE-2026-41091
Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the policy resolution process in the Google Chat and Zalouser extensions. An attacker can gain unauthorized interaction with bots by exploiting a flaw where...
CVE-2026-33578
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to bypass sender restrictions and interact with bots...
CVE-2026-33663
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...
CVE-2026-27748
Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...
GHSA-MW96-CPMX-2VGC Rollup 4 has Arbitrary File Write via Path Traversal
Summary The Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames e.g., via CLI named inputs, manual chunk aliases, or...
Fortinet FortiClientWindows 后置链接漏洞
Fortinet FortiClientWindows is a Windows-based mobile device security solution provided by the American company Fortinet. When connected to the FortiGate firewall device, this solution offers features such as IPsec and SSL encryption, wide-area network optimization, terminal compliance, and...
CVE-2025-15543
Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files...
EUVD-2025-93510
Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...
CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR
The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function...