Search Results (1808 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4965 1 Savonet 1 Liguidsoap 2026-04-23 N/A
liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.
CVE-2008-0665 1 Website Meta Language 1 Website Meta Language 2026-04-23 N/A
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.
CVE-2008-4964 1 Krzysztof Kozlowski 1 Konwert 2026-04-23 N/A
filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.
CVE-2008-4960 1 Dov Grobgeld 1 Impose\+ 2026-04-23 N/A
impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.
CVE-2008-4959 1 Gpsdrive 1 Gpsdrive-scripts 2026-04-23 N/A
geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/geo.google, (2) /tmp/geo.yahoo, (3) /tmp/geo.coords, and (4) /tmp/geo#####.coords temporary files.
CVE-2008-0930 2 Debian, Freshmeat 2 Debian Linux, Xwine 2026-04-23 N/A
w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.
CVE-2008-4958 1 Alejandro Garrido Mota 1 Gdrae 2026-04-23 N/A
gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gdrae/palabra temporary file.
CVE-2008-4957 1 Gccxml 1 Gccxml 2026-04-23 N/A
find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.
CVE-2008-4956 1 Firewallbuilder 1 Fwbuilder 2026-04-23 N/A
fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.
CVE-2025-43448 1 Apple 9 Ios, Ipados, Iphone Os and 6 more 2026-04-22 6.3 Medium
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to break out of its sandbox.
CVE-2025-43395 1 Apple 3 Macos, Macos Sequoia, Macos Sonoma 2026-04-22 3.3 Low
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access protected user data.
CVE-2025-43446 1 Apple 3 Macos, Macos Sequoia, Macos Sonoma 2026-04-22 5.5 Medium
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to modify protected parts of the file system.
CVE-2025-43461 1 Apple 2 Macos, Macos Tahoe 2026-04-22 5.5 Medium
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.
CVE-2026-34969 1 Nhost 2 Nhost, Nhost\/auth 2026-04-22 7.5 High
Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter. Refresh tokens in URLs are logged in browser history, server access logs, HTTP Referer headers, and proxy/CDN logs. Note that the refresh token is one-time use and all of these leak vectors are on owned infrastructure or services integrated by the application developer. This vulnerability is fixed in 0.48.0.
CVE-2026-27456 2 Kernel, Linux 2 Util-linux, Util-linux 2026-04-22 4.7 Medium
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.
CVE-2025-60710 1 Microsoft 7 Windows, Windows 11, Windows 11 24h2 and 4 more 2026-04-22 7.8 High
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2026-35400 2 Aces, Mcgill 2 Loris, Loris 2026-04-21 3.5 Low
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's POST request rather than the internal LORIS value. This could result in a theoretical attacker with publication module access forging an email to an external domain under the attacker's control which appeared to come from LORIS. This vulnerability is fixed in 27.0.3 and 28.0.1.
CVE-2015-1130 1 Apple 1 Mac Os X 2026-04-21 7.8 High
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVE-2026-34242 1 Weblate 1 Weblate 2026-04-21 7.7 High
Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.
CVE-2025-11711 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2026-04-20 6.5 Medium
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.