82 matches found

Vulnrichment
added 2026/06/10 10:0 p.m., 9 views

CVE-2026-49219 ImageMagick: Policy Bypass can read disallowed files

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

5.5 CVSS, 5.4 AI score, 0.00128 EPSS
Exploits 0, References 1

OSV
added 2026/05/26 2:16 a.m., 8 views

DEBIAN-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

9.1 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits 0, References 1

OSV
added 2026/05/20 1:16 p.m., 8 views

ALPINE-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7 CVSS, 5.9 AI score, 0.00152 EPSS
Exploits 0, References 1

EUVD
added 2026/04/28 6:9 p.m., 5 views

EUVD-2026-26105

OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...

7.6 CVSS, 5.5 AI score, 0.0047 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/04/28 12:0 a.m., 6 views

PT-2026-35781

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A sandbox escape allows attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafti...

9.6 CVSS, 5.9 AI score, 0.0047 EPSS
Exploits 0, References 8

Snyk
added 2026/04/01 11:40 p.m., 4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through the saveexternaldata function. An attacker can overwrite arbitrary files or inject data into sensitive locations by exploiting a race...

7.1 CVSS, 6.1 AI score
Exploits 0, References 4

CVE
added 2026/02/25 10:59 a.m., 19 views

CVE-2026-25701

CVE-2026-25701 affects sdbootutil and is described as an Insecure Temporary File vulnerability allowing a local user to pre-create directories to access data in /var/lib/pcrlock.d, influence backups under /tmp/pcrlock.d.bak, and potentially overwrite protected files by placing symlinks in the /tm...

7 CVSS, 5.4 AI score, 0.00108 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/01/09 10:37 a.m., 8 views

CVE-2017-12938

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...

7.5 CVSS, 6.9 AI score, 0.0357 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/01/09 9:24 a.m., 12 views

CVE-2023-40028

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...

6.5 CVSS, 6.6 AI score, 0.57565 EPSS
Exploits 12, References 1

RedhatCVE
added 2026/01/07 9:48 a.m., 7 views

CVE-2022-27883

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this...

8.5 CVSS, 6.9 AI score, 0.01187 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-2792

Malware in sbrugna...

7.8 CVSS, 7.7 AI score, 0.0055 EPSS
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2000-1121

Malware in sbrugna...

4.6 CVSS, 6.4 AI score, 0.0038 EPSS
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-1932

Malware in sbrugna...

3.5 CVSS, 9.2 AI score, 0.01812 EPSS
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-4462

Malware in sbrugna...

7.5 CVSS, 8.5 AI score, 0.0357 EPSS
Exploits 1, References 4

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-8823

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.0048 EPSS
Exploits 1, References 5

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-1999-0325

Malware in sbrugna...

7.2 CVSS, 6.4 AI score, 0.00529 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2000-0408

Malware in sbrugna...

3.7 CVSS, 6.4 AI score, 0.00308 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-6171

Malware in sbrugna...

7.8 CVSS, 6.8 AI score, 0.00739 EPSS
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-1999-1313

Malware in sbrugna...

2.1 CVSS, 6.1 AI score, 0.00402 EPSS
Exploits 0, References 8

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-8469

Malware in sbrugna...

5.5 CVSS, 7.3 AI score, 0.00354 EPSS
Exploits 0, References 6