Summary
Hugo: Symlink confinement bypass in resources.Get
References
Related vulnerabilities
All Supply chain →- MEDIUMGHSA-3PVJ-JV98-QHJQ
Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
- HIGHGHSA-7CX2-G3H9-382P
Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server
- MEDIUMGHSA-GR75-JV2W-4656
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
- MEDIUMGHSA-7Q4V-2MR6-5GPX
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability
- MEDIUMGHSA-239W-M3H6-CH8V
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass