CWE-61 — Vulnerability Class 94

94 vulnerabilities classified as CWE-61. AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41326 | Kata Containers: CopyFile Policy Subversion via Symlinks — kata-containers | 8.4 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-35372 | uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag — coreutils | 5.0 | Medium | 2026-04-22 |
| CVE-2026-40354 | XDG Desktop Portal Security Vulnerability — xdg-desktop-portal | 2.9 | Low | 2026-04-11 |
| CVE-2026-21916 | Junos OS: A low privileged user can escalate their privileges so that they can login as root — Junos OS | 7.3 | High | 2026-04-09 |
| CVE-2026-35632 | OpenClaw < 2026.2.22 - Symlink Traversal via IDENTITY.md appendFile in agents.create/update — OpenClaw | 7.1 | High | 2026-04-09 |
| CVE-2026-39860 | Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination — nix | 9.0 | Critical | 2026-04-08 |
| CVE-2026-35525 | LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates — liquidjs | 7.5 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34078 | Flatpak has a complete sandbox escape leading to host file access and code execution in the host context — flatpak | 7.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34447 | ONNX: External Data Symlink Traversal — onnx | 5.5 | Medium | 2026-04-01 |
| CVE-2026-22767 | Dell AppSync Security Vulnerability — AppSync | 7.3 | High | 2026-04-01 |
| CVE-2026-33711 | Incus vulnerable to local privilege escalation through VM screenshot path — incus | - | - | 2026-03-26 |
| CVE-2026-33056 | tar-rs: unpack_in can chmod arbitrary directories by following symlinks — tar-rs | 8.1 | - | 2026-03-20 |
| CVE-2026-24018 | Fortinet FortiClientLinux Security Vulnerability — FortiClientLinux | 7.4 | High | 2026-03-10 |
| CVE-2026-27976 | Zed Extension Sandbox Escape via Tar Symlink Following — zed | 8.8 | High | 2026-02-25 |
| CVE-2026-27485 | OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection — openclaw | 5.5 | - | 2026-02-21 |
| CVE-2026-25724 | Claude Code Has Permission Deny Bypass Through Symbolic Links — claude-code | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-1386 | Arbitrary Host File Overwrite via Symlink in Firecracker Jailer — Firecracker | 6.0 | Medium | 2026-01-23 |
| CVE-2026-23986 | Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true — copier | 7.5 (AI) | High (AI) | 2026-01-21 |
| CVE-2026-23968 | Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false — copier | 8.2 (AI) | High (AI) | 2026-01-21 |
| CVE-2025-68937 | Forgejo Security Vulnerability — Forgejo | 8.4 (AI) | High (AI) | 2025-12-25 |
| CVE-2025-33225 | NVIDIA Resiliency Extension Security Vulnerability — Resiliency Extension | 8.4 | High | 2025-12-16 |
| CVE-2025-14693 | Ugreen DH2100+ USB symlink — DH2100+ | 6.2 | Medium | 2025-12-15 |
| CVE-2025-67487 | Static Web Server is vulnerable to symbolic link Path Traversal — static-web-server | 8.6 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-66431 | WebPros Plesk Security Vulnerability — Plesk | 7.8 | High | 2025-12-03 |
| CVE-2025-65105 | Apptainer ineffective application of selinux and apparmor --security options — apptainer | 4.5 | Medium | 2025-12-02 |
| CVE-2025-64750 | Singularity ineffectively applies of selinux / apparmor LSM process labels — singularity | 4.5 | Medium | 2025-12-02 |
| CVE-2025-62724 | Open OnDemand allowlist bypass using symlinks in directory downloads (TOCTOU) — ondemand | 4.3 | Medium | 2025-11-20 |
| CVE-2025-52881 | runc: LSM labels can be bypassed with malicious config using dummy procfs files — runc | 7.1 | - | 2025-11-06 |
| CVE-2025-52565 | container escape due to /dev/console mount and related races — runc | 7.3 | - | 2025-11-06 |
| CVE-2025-31133 | runc container escape via "masked path" abuse due to mount race conditions — runc | 5.5 | - | 2025-11-06 |

Vulnerabilities classified as CWE-61 represent 94 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.