Lucene search
+L

7843 matches found

CVE
CVE
added yesterday31 views

CVE-2026-50163

The CVE concerns the oras-go library (OCI artifacts) prior to version 2.6.2, where ensureLinkPath in content/file/utils.go can return an unresolved hardlink target. During tar extraction, a hardlink entry with a relative Linkname could be resolved against the process CWD, allowing a path like pay...

7.1CVSS5.3AI score
Exploits0References4
Cvelist
Cvelist
added yesterday18 views

CVE-2026-50163 oras-go: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution in `oras-go` tar extraction

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the extract base but returns the unresolved target, causing os.Link"victim.secret", "/payload.tar.gz/evilcwdlink" to resolve header.Linkname...

7.1CVSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-50526

A flaw was found in .NET. This vulnerability, stemming from improper link resolution before file access, allows an authorized local attacker to perform tampering. This could lead to unauthorized modification of data or system files...

7CVSS5.2AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-44023 Docling Core has unsafe remote filename resolution

Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in...

8.6CVSS0.00286EPSS
Exploits0References2
CVE
CVE
added 2 days ago30 views

CVE-2026-44023

Docling Core (docling-core) versions >= 1.5.0 and = 2.74.1 is recommended. If upgrading isn’t immediately possible, a workaround is to avoid passing untrusted URLs into remote fetch functionality. There is no exploitation detail in the provided documents, and no in‑the‑wild exploit information...

8.6CVSS6.1AI score0.00286EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 4 days ago5 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6AI score0.00159EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-44394

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-50469

Improper link resolution before file access 'link following' in Windows Projected File System allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-58636

Improper link resolution before file access 'link following' in Window PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-49791

Improper link resolution before file access 'link following' in Windows Routing and Remote Access Service RRAS allows an authorized attacker to elevate privileges locally...

7.1CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-49791

CVE-2026-49791 affects Windows Routing and Remote Access Service (RRAS). The issue is an improper link resolution before file access (link following) that can allow an authorized, local attacker to elevate privileges. The vulnerability is triggered locally with low attack complexity and low privi...

7.1CVSS6.1AI score0.00278EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Window PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00267EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago4 views

Microsoft PC Manager Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

8.8CVSS6.1AI score0.00278EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

Windows Backup Service Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Windows Server Backup allows an authorized attacker to elevate privileges locally...

7.3CVSS6.1AI score0.00343EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago9 views

.NET Tampering Vulnerability

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS6.1AI score0.00159EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago5 views

Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Windows Routing and Remote Access Service RRAS allows an authorized attacker to elevate privileges locally...

7.1CVSS6.1AI score0.00278EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago7 views

Windows Projected File System Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in Windows Projected File System allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00278EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago24 views

CVE-2026-8384

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS0.00198EPSS
Exploits1References1
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-6851 Improper link resolution before file access in Bitdefender Total Security via Link Following (VA-13681)

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS0.00121EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43632

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder