CVEs classified under CWE-61, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-34078 — CVSS 10.0 (critical): Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the…
CVE-2025-62596 — CVSS 10.0 (critical): Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict…
CVE-2025-62161 — CVSS 10.0 (critical): Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient…
CVE-2025-23394 — CVSS 9.8 (critical): A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue…
CVE-2026-55447 — CVSS 9.6 (critical): Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested…
CVE-2025-68937: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of…
CVE-2026-39860 — CVSS 9.0 (critical): Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files…
CVE-2026-6475 — CVSS 8.8 (high): Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g…
CVE-2026-29203 — CVSS 8.8 (high): A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system…
CVE-2026-27976 — CVSS 8.8 (high): Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor…
CVE-2025-55345 — CVSS 8.8 (high): Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and…
CVE-2024-22014 — CVSS 8.8 (high): An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via…
CVE-2025-57802: Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0…
CVE-2025-46810: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate…
CVE-2025-33225 — CVSS 8.4 (high): NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file…
CVE-2026-49248: OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar() creates symbolic links verbatim…
CVE-2026-41326 — CVSS 8.2 (high): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like…
CVE-2026-7819 — CVSS 8.1 (high): Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..'…
CVE-2025-10854 — CVSS 8.1 (high): The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent…
CVE-2024-47515 — CVSS 8.1 (high): A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local…
CVE-2026-12958 — CVSS 7.8 (high): Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may…
CVE-2026-33711 — CVSS 7.8 (high): Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a…
CVE-2026-24018 — CVSS 7.8 (high): A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through…
CVE-2025-66431 — CVSS 7.8 (high): WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root…
CVE-2025-31133 — CVSS 7.8 (high): runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through…
CVE-2021-25321 — CVSS 7.8 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0…
CVE-2025-24886 — CVSS 7.7 (high): pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink…
CVE-2020-8019 — CVSS 7.7 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux…
CVE-2020-8014 — CVSS 7.7 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed…
CVE-2026-35525 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and…
CVE-2026-25724 — CVSS 7.5 (high): Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in…
CVE-2025-52881 — CVSS 7.5 (high): runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an…
CVE-2025-52565 — CVSS 7.5 (high): runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1…
CVE-2026-56815 — CVSS 7.4 (high): pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in…
CVE-2026-13201 — CVSS 7.3 (high): A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file…
CVE-2026-21916 — CVSS 7.3 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with…
CVE-2026-22767 — CVSS 7.3 (high): Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local…
CVE-2023-41969 — CVSS 7.3 (high): An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end…
CVE-2026-42306 — CVSS 7.2 (high): Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby…
CVE-2026-41937 — CVSS 7.2 (high): Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to…
CVE-2026-35632 — CVSS 7.1 (high): OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that use fs.appendFile on…
CVE-2026-23986 — CVSS 7.1 (high): Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a…
CVE-2024-1933 — CVSS 7.1 (high): Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with…
CVE-2025-54867 — CVSS 7.0 (high): Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can…
CVE-2025-53881: A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail…
CVE-2021-25322 — CVSS 6.8 (medium): A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to…
CVE-2026-53489 — CVSS 6.5 (medium): containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores…
CVE-2026-43570 — CVSS 6.5 (medium): OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversal vulnerability in remote marketplace repository path handling that…