Search Results (1807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7006 1 Gen Digital 5 Avast Antivirus, Avast Business Antivirus, Avast One and 2 more 2026-06-15 5.5 Medium
Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25022500. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
CVE-2025-46293 1 Apple 1 Macos 2026-06-12 5.5 Medium
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
CVE-2026-49219 1 Imagemagick 1 Imagemagick 2026-06-11 5.5 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24.
CVE-2026-42989 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7.8 High
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-45586 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-11 7.8 High
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
CVE-2026-45384 1 Rikyoz 1 Bit7z 2026-06-11 6.1 Medium
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12.
CVE-2026-11853 1 Debian 1 Debusine 2026-06-11 6.5 Medium
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully user-controlled paths. The mergeuploads task could be abused to create arbitrary symbolic links on a worker, overwriting any file that the worker user has access to.
CVE-2026-7774 1 Python 1 Cpython 2026-06-10 6.5 Medium
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.
CVE-2026-45491 2 Microsoft, Redhat 3 .net, Enterprise Linux, Hummingbird 2026-06-10 6.2 Medium
Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally.
CVE-2026-50511 1 Microsoft 1 Pc Manager 2026-06-10 7.8 High
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-11837 1 Redhat 3 Enterprise Linux, Openstack, Openstack Platform 2026-06-10 7.3 High
A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/.ssh directory to redirect file ownership changes to arbitrary system paths when an operator runs the authorized_key task as root, leading to local privilege escalation.
CVE-2026-44275 1 Dell 1 Dell\/alienware Purchased Apps 2026-06-10 6.3 Medium
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write
CVE-2024-49132 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49123 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49128 1 Microsoft 8 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 5 more 2026-06-09 8.1 High
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2024-49095 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-06-09 7 High
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49126 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-06-09 8.1 High
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2024-49115 1 Microsoft 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49108 1 Microsoft 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more 2026-06-09 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49107 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-06-09 7.3 High
WmsRepair Service Elevation of Privilege Vulnerability