82 matches found
CVE-2026-49219 ImageMagick: Policy Bypass can read disallowed files
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, incorrect parsing of the filename can result in a policy bypass, allowing files disallowed by a security policy to be read using a symlink. This issue has been patched i...
DEBIAN-CVE-2026-42496
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...
ALPINE-CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
EUVD-2026-26105
OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafting malicious symlinks in mirror sync operations to...
PT-2026-35781
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: A sandbox escape allows attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attackers can bypass sandbox restrictions by crafti...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through the saveexternaldata function. An attacker can overwrite arbitrary files or inject data into sensitive locations by exploiting a race...
CVE-2026-25701
CVE-2026-25701 affects sdbootutil and is described as an Insecure Temporary File vulnerability allowing a local user to pre-create directories to access data in /var/lib/pcrlock.d, influence backups under /tmp/pcrlock.d.bak, and potentially overwrite protected files by placing symlinks in the /tm...
CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...
CVE-2022-27883
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this...
EUVD-2018-2792
Malware in sbrugna...
EUVD-2000-1121
Malware in sbrugna...
EUVD-2015-1932
Malware in sbrugna...
EUVD-2017-4462
Malware in sbrugna...
EUVD-2019-8823
Malware in sbrugna...
EUVD-1999-0325
Malware in sbrugna...
EUVD-2000-0408
Malware in sbrugna...
EUVD-2020-6171
Malware in sbrugna...
EUVD-1999-1313
Malware in sbrugna...
EUVD-2016-8469
Malware in sbrugna...