Total
1445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41231 | 1 Froxlor | 1 Froxlor | 2026-04-27 | N/A | 7.5 HIGH |
| Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` constructs the export destination path from user-supplied input without passing the `$fixed_homedir` parameter to `FileDir::makeCorrectDir()`, bypassing the symlink validation that was added to all other customer-facing path operations (likely as the fix for CVE-2023-6069). When the ExportCron runs as root, it executes `chown -R` on the resolved symlink target, allowing a customer to take ownership of arbitrary directories on the system. Version 2.3.6 contains an updated fix. | |||||
| CVE-2026-6941 | 1 Radare | 1 Radare2 | 2026-04-27 | N/A | 6.6 MEDIUM |
| radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a symlinked notes.txt that bypasses directory confinement checks, allowing note operations to follow the symlink and access arbitrary files outside the dir.projects root directory. | |||||
| CVE-2026-28684 | 1 Saurabh-kumar | 1 Python-dotenv | 2026-04-27 | N/A | 6.6 MEDIUM |
| python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually. | |||||
| CVE-2026-35349 | 1 Uutils | 1 Coreutils | 2026-04-27 | N/A | 6.7 MEDIUM |
| A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symbolic link that resolves to the root directory (e.g., /tmp/rootlink -> /), potentially leading to the unintended recursive deletion of the entire root filesystem. | |||||
| CVE-2024-57728 | 1 Simple-help | 1 Simplehelp | 2026-04-24 | N/A | 7.2 HIGH |
| SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | |||||
| CVE-2026-35359 | 1 Uutils | 1 Coreutils | 2026-04-24 | N/A | 4.7 MEDIUM |
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with concurrent write access can swap a regular file for a symbolic link during this window, causing a privileged cp process to copy the contents of arbitrary sensitive files into a destination controlled by the attacker. | |||||
| CVE-2026-33694 | 2026-04-24 | N/A | N/A | ||
| This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges. | |||||
| CVE-2026-40931 | 1 Node-modules | 1 Compressing | 2026-04-23 | N/A | 8.4 HIGH |
| Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this "Logical vs. Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique (pre-existing symbolic links). This vulnerability is fixed in 2.1.1 and 1.10.5. | |||||
| CVE-2008-7247 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-23 | 6.0 MEDIUM | N/A |
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | |||||
| CVE-2008-3524 | 1 Redhat | 2 Fedora, Initscripts | 2026-04-23 | 4.7 MEDIUM | N/A |
| rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. | |||||
| CVE-2008-4940 | 1 Aptoncd | 1 Aptoncd | 2026-04-23 | 6.9 MEDIUM | N/A |
| xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file. | |||||
| CVE-2008-5299 | 1 Karakas-online | 1 Chm2pdf | 2026-04-23 | 6.9 MEDIUM | N/A |
| chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories. | |||||
| CVE-2008-1417 | 1 Axyl | 1 Axyl | 2026-04-23 | 6.9 MEDIUM | N/A |
| The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file. | |||||
| CVE-2008-6760 | 1 Viart | 1 Viart Shop | 2026-04-23 | 4.3 MEDIUM | N/A |
| ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in cart_save.php, which reveals the SQL table names in an error message, related to code that mishandles the lack of a user_id parameter. | |||||
| CVE-2008-4406 | 1 Debian | 1 Xsabre | 2026-04-23 | 7.2 HIGH | N/A |
| A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. | |||||
| CVE-2008-4474 | 1 Freeradius | 1 Freeradius | 2026-04-23 | 7.2 HIGH | N/A |
| freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | |||||
| CVE-2009-4193 | 1 Merkaartor | 1 Merkaartor | 2026-04-23 | 3.3 LOW | N/A |
| Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file. | |||||
| CVE-2007-5207 | 1 Debian | 1 Guilt | 2026-04-23 | 3.3 LOW | N/A |
| guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. | |||||
| CVE-2009-0347 | 1 Autonomy | 1 Ultraseek | 2026-04-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
| CVE-2007-6595 | 1 Clam Anti-virus | 1 Clamav | 2026-04-23 | 2.1 LOW | N/A |
| ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. | |||||