
705 matches found

NVD
added 2026/05/27 9:16 p.m. | 6 views

CVE-2026-44711

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

CVSS 7.9 | EPSS 0.00022
Exploits 0 | References 2
Cvelist
added 2026/05/27 8:18 p.m. | 31 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

CVSS 7.9 | EPSS 0.00022
Exploits 0 | References 1
EUVD
added 2026/05/27 8:18 p.m. | 3 views

EUVD-2026-32659

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

CVSS 7.9 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1
CNNVD
added 2026/05/27 12:00 a.m. | 5 views

Jenkins Pipeline: Groovy Libraries Plugin security vulnerability

Jenkins Pipeline: The Groovy Libraries Plugin is an open-source Jenkins Pipeline plugin that manages Groovy libraries. The Jenkins Pipeline: Groovy Libraries Plugin versions 797.v90eaa9be45a0 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of protection against...

CVSS 7.5 | AI score 5.9 | EPSS 0.00406
Exploits 0 | References 1
Positive Technologies
added 2026/05/10 12:00 a.m. | 6 views

PT-2026-39523

CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to...

CVSS 8.8 | AI score 6.4 | EPSS 0.00115
Exploits 0 | References 5
OSV
added 2026/05/07 4:13 a.m. | 2 views

CLSA-2026-1778127227 pcp: Fix of 2 CVEs

CVE-2024-45770: guard pmpost against symlink attacks on $PCPLOGDIR/NOTICES - CVE-2024-45769: harden libpcp pmDecodeValueSet to prevent heap corruption from crafted PDUs...

CVSS 5.5 | AI score 7.3 | EPSS 0.00033
Exploits 0 | References 1
CNNVD
added 2026/04/11 12:00 a.m. | 2 views

XDG Desktop Portal security vulnerability

XDG Desktop Portal is a frontend service for the desktop application sandbox environment developed by Flatpak. Versions of XDG Desktop Portal prior to 1.20.4 and 1.21.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any Flatpak application to manipulate...

CVSS 6.3 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 4
CNNVD
added 2026/04/07 12:00 a.m. | 4 views

IBM Concert security vulnerability

IBM Concert is a new tool developed by the American international business company IBM. It utilizes generative AI to assist in managing complex cloud-native applications. Versions of IBM Concert from 1.0.0 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the creatio...

CVSS 6.2 | AI score 5.9 | EPSS 0.00005
Exploits 0 | References 1
IBM Security Bulletins
added 2026/04/06 12:34 p.m. | 2 views

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary: IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llama_index_core which could allow Denial of Service (DoS), steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

CVSS 8.6 | AI score 7 | EPSS 0.00351
Exploits 3 | Affected Software 2
Tenable Nessus
added 2026/03/16 12:00 a.m. | 3 views

EulerOS 2.0 SP11 : python-pip (EulerOS-SA-2026-1590)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...

CVSS 5.9 | AI score 7.2 | EPSS 0.00022
Exploits 0 | References 2
OpenVAS
added 2026/03/10 12:00 a.m. | 1 views

Huawei EulerOS: Security Advisory for python-virtualenv (EulerOS-SA-2026-1260)

The remote host is missing an update for the Huawei EulerOS...

CVSS 4.5 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 2
Tenable Nessus
added 2026/01/31 12:00 a.m. | 3 views

EulerOS Virtualization 2.10.0 : pam (EulerOS-SA-2026-1188)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local...

CVSS 7.8 | AI score 5.9 | EPSS 0.00072
Exploits 0 | References 3
Tenable Nessus
added 2026/01/31 12:00 a.m. | 3 views

EulerOS Virtualization 2.10.1 : pam (EulerOS-SA-2026-1137)

According to the versions of the pam package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local...

CVSS 7.8 | AI score 5.9 | EPSS 0.00072
Exploits 0 | References 3
EUVD
added 2026/01/22 12:01 a.m. | 5 views

EUVD-2026-4203

openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.9 | EPSS 0.00007
Exploits 0 | References 2
Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 7 : pam-1.1.8-23.0.1.0.2.el7.AXS7 (AXSA:2025-10893:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10893:07 advisory. CVE-2025-6020: fix potential privilege escalation in pam_namespace. CVEs: CVE-2025-6020. A flaw was found in linux-pam. The module pam_namespace may use access...

CVSS 7.8 | AI score 5.5 | EPSS 0.00072
Exploits 0 | References 2
Tenable Nessus
added 2026/01/16 12:00 a.m. | 3 views

MiracleLinux 4 : hplip-3.12.4-4.AXS4 (AXSA:2013-130:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-130:01 advisory. The Hewlett-Packard Linux Imaging and Printing Project provides drivers for HP printers and multi-function peripherals. Security issues fixed with th...

CVSS 1.9 | AI score 7.7 | EPSS 0.00076
Exploits 0 | References 3
Tenable Nessus
added 2026/01/14 12:00 a.m. | 8 views

MiracleLinux 3 : ruby-1.8.5-19.1.0.1.AXS3 (AXSA:2011-226:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-226:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...

CVSS 7.5 | AI score 7.7 | EPSS 0.18181
Exploits 4 | References 6
FreeBSD
added 2026/01/10 12:00 a.m. | 4 views

virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')

https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attac...

CVSS 4.5 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 8:53 a.m. | 4 views

CVE-2021-27116

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

CVSS 7.8 | AI score 6.8 | EPSS 0.0016
Exploits 1 | References 1
OSV
added 2025/12/29 9:39 a.m. | 2 views

CLSA-2025-1767001153 pam: Fix of CVE-2025-8941

CVE-2025-8941: fix additionally potential privilege escalation via multiple symlink attacks and race conditions...

CVSS 7.8 | AI score 5.8 | EPSS 0.00022
Exploits 0 | References 1