Lucene search
+L

2448 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-6851

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago26 views

CVE-2026-6851 Improper link resolution before file access in Bitdefender Total Security via Link Following (VA-13681)

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS0.00121EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-6851

The CVE-2026-6851 entry concerns Bitdefender products on Windows: Bitdefender Total Security and Bitdefender Internet Security, specifically the File Shredder module. The vulnerability is described as an improper link resolution before file access (link following) that enables a less-privileged l...

7CVSS6.1AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43632

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score0.00121EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-6851

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/07/08 5:17 p.m.5 views

UBUNTU-CVE-2026-39822

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS6.1AI score0.00183EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/06 5:41 p.m.12 views

EUVD-2026-24963

chmod: --preserve-root bypassed by any path that resolves to root e.g. /../...

7.3CVSS5.9AI score0.00175EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:36 p.m.5 views

Security Bulletin: Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass

Summary A path traversal vulnerability existed in the File component's tar archive extraction functionality. An authenticated user could upload a specially crafted tar archive containing symbolic links to read arbitrary files accessible to the application process. The vulnerability allowed an...

7.5CVSS5.9AI score
Exploits0Affected Software1
OSV
OSV
added 2026/07/01 6:9 p.m.2 views

SUSE-SU-2026:2724-1 Security update for python-python-dotenv

This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: follow symbolic links when rewriting .env files bsc1262423...

6.6CVSS6AI score0.00236EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.7 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2026/06/27 12:13 a.m.12 views

GHSA-QRV3-253H-G69C pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

Summary pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose env-lockfile document contains a...

8.2CVSS5.7AI score0.00257EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/25 2:9 a.m.14 views

CVE-2026-23879

A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...

8CVSS6.1AI score0.00404EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 8:16 p.m.9 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:16 p.m.3 views

UBUNTU-CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 7:17 p.m.22 views

CVE-2026-23879

CVE-2026-23879 relates to py7zr, a Python library for 7z archives. Versions ≤1.1.2 contain an arbitrary file write vulnerability in extractall, where crafted symbolic link chains can bypass destination-directory checks and re-create links to arbitrary system paths. This allows writing files via s...

8CVSS6.2AI score0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 7:17 p.m.2 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.3AI score0.00404EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/23 6:48 p.m.11 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.8 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 8:59 p.m.15 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 6:28 p.m.9 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
Rows per page
Query Builder