
734 matches found

NVD
added 6 days ago | 10 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVSS 5.5 | EPSS 0.00175
Exploits: 0 | References: 1
Tenable Nessus
added 6 days ago | 8 views

RHEL 8 : postgresql:12 (RHSA-2026:29815)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29815 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Operating system accou...

CVSS 8.8 | AI score 5.9 | EPSS 0.00668
Exploits: 0 | References: 10
RedhatCVE
added last week | 7 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

CVSS 4.2 | AI score 5.9 | EPSS 0.00105
Exploits: 0 | References: 3
CVE
added 2026/06/25 5:37 p.m. | 18 views

CVE-2026-54094

CVE-2026-54094 affects the File Browser project. Prior to version 2.63.14, HTTP handlers can follow symlinks inside a scoped user’s directory, allowing read, write, or public-share actions to target files outside the user’s intended scope via two patterns: (1) a final-path symlink escaping the sc...

CVSS 7.5 | AI score 5.7 | EPSS 0.0046
Exploits: 0 | References: 1
Debian
added 2026/06/24 6:24 p.m. | 4 views

[SECURITY] [DLA 4646-1] postgresql-13 security update

Debian LTS Advisory DLA-4646-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias June 24, 2026 https://wiki.debian.org/LTS Package : postgresql-13 Version : 13.23-0+deb11u4 CVE ID : CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479...

CVSS 8.8 | AI score 6.6 | EPSS 0.00668
Exploits: 0
Github Security Blog
added 2026/06/23 5:9 p.m. | 9 views

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

CVSS 9 | AI score 6.2 | EPSS 0.00474
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2026/06/23 3:16 p.m. | 9 views

CVE-2026-56815

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4 | EPSS 0.00131
Exploits: 0 | References: 2
Cvelist
added 2026/06/23 1:57 p.m. | 42 views

CVE-2026-56815

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4 | EPSS 0.00131
Exploits: 0 | References: 2
EUVD
added 2026/06/23 1:57 p.m. | 7 views

EUVD-2026-38454

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

CVSS 7.4 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2
CVE
added 2026/06/23 1:57 p.m. | 12 views

CVE-2026-56815

The CVE-2026-56815 entry concerns the pwnlift project, specifically a symlink following vulnerability in the upload handler located at Components/Pages/Home.razor, exploitable in a privileged deployment. Root cause is described as a symlink following issue within the upload handler. The CVSS 3.1 ...

CVSS 7.4 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 2
OSV
added 2026/06/22 12:0 a.m. | 4 views

ALSA-2026:27738 Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind CVE-2026-6475 postgresql: PostgreSQL libpq: Buffer...

CVSS 8.8 | AI score 5.9 | EPSS 0.00668
Exploits: 0 | References: 10
Tenable Nessus
added 2026/06/22 12:0 a.m. | 4 views

RHEL 10 : postgresql18 (RHSA-2026:27742)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27742 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that...

CVSS 8.8 | AI score 6 | EPSS 0.00668
Exploits: 0 | References: 10
EUVD
added 2026/06/21 1:26 p.m. | 7 views

EUVD-2026-38165

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

CVSS 6.8 | AI score 6 | EPSS 0.00134
Exploits: 0 | References: 2
OSV
added 2026/06/19 7:35 p.m. | 6 views

GHSA-RGH6-RFWX-V388 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

CVSS 7.1 | AI score 6
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Python 3.11

It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...

CVSS 7.5 | AI score 6.4 | EPSS 0.01109
Exploits: 7 | References: 2
Vulnrichment
added 2026/06/18 8:18 p.m. | 11 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response...

CVSS 8.3 | AI score 6 | EPSS 0.00267
Exploits: 0 | References: 4
CVE
added 2026/06/18 8:18 p.m. | 80 views

CVE-2025-15661

Summary (CVE-2025-15661): libssh2 up to 1.11.1 contains a heap over-read in the sftp_symlink() implementation (src/sftp.c). A crafted SSH_FXP_NAME response can cause a heap buffer over-read when a link_len value exceeds actual packet data during SFTP READLINK/REALPATH, due to missing validation o...

CVSS 8.3 | AI score 5.4 | EPSS 0.00267
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/17 2:1 p.m. | 4 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

CVSS 6.1 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
RedHat Linux
added 2026/06/16 8:5 a.m. | 5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.6 | EPSS 0.00324
Exploits: 0 | References: 5
SUSE Linux
added 2026/06/15 3:34 p.m. | 5 views

Security update for kubevirt-1.6

This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

CVSS 9.9 | AI score 6.4 | EPSS 0.01557
Exploits: 3 | References: 28