Search Results (1854 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-28684 2 Saurabh-kumar, Theskumar 2 Python-dotenv, Python-dotenv 2026-04-27 6.6 Medium
python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a cross-device rename fallback is triggered. Users should upgrade to v.1.2.2 or, as a workaround, apply the patch manually.
CVE-2026-35349 1 Uutils 1 Coreutils 2026-04-27 6.7 Medium
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a symbolic link that resolves to the root directory (e.g., /tmp/rootlink -> /), potentially leading to the unintended recursive deletion of the entire root filesystem.
CVE-2024-57728 1 Simple-help 1 Simplehelp 2026-04-25 7.2 High
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVE-2026-35359 1 Uutils 1 Coreutils 2026-04-24 4.7 Medium
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the O_NOFOLLOW flag. An attacker with concurrent write access can swap a regular file for a symbolic link during this window, causing a privileged cp process to copy the contents of arbitrary sensitive files into a destination controlled by the attacker.
CVE-2026-34078 1 Flatpak 1 Flatpak 2026-04-24 10.0 Critical
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
CVE-2026-32212 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-04-24 5.5 Medium
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-40931 1 Node-modules 1 Compressing 2026-04-23 8.4 High
Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fails to account for the actual filesystem state. By exploiting this "Logical vs. Physical" divergence, an attacker can bypass the security check using a Directory Poisoning technique (pre-existing symbolic links). This vulnerability is fixed in 2.1.1 and 1.10.5.
CVE-2008-4960 1 Dov Grobgeld 1 Impose\+ 2026-04-23 N/A
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
CVE-2008-4959 1 Gpsdrive 1 Gpsdrive-scripts 2026-04-23 N/A
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
CVE-2008-4964 1 Krzysztof Kozlowski 1 Konwert 2026-04-23 N/A
filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.
CVE-2008-4957 1 Gccxml 1 Gccxml 2026-04-23 N/A
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.
CVE-2007-5495 2 Redhat, Selinux 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot 2026-04-23 N/A
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
CVE-2008-4958 1 Alejandro Garrido Mota 1 Gdrae 2026-04-23 N/A
gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file.
CVE-2008-4965 1 Savonet 1 Liguidsoap 2026-04-23 N/A
liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.
CVE-2007-3916 1 Skk Openlab 1 Skk Tools 2026-04-23 N/A
The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.
CVE-2007-5207 1 Debian 1 Guilt 2026-04-23 N/A
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
CVE-2008-1417 1 Axyl 1 Axyl 2026-04-23 N/A
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file.
CVE-2008-0732 2 Apache, Suse 2 Geronimo, Suse Linux 2026-04-23 N/A
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
CVE-2008-4580 1 Gentoo 2 Cman, Fence 2026-04-23 N/A
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
CVE-2008-4639 1 Sentex 1 Jhead 2026-04-23 N/A
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.