PULSE
EN VIVO18señales / 24h
FEED
ransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomincransom reclama a v-silicon.com · TW · Technologyransomincransom reclama a FAST.COM.PH · PH · Technologyransomincransom reclama a D.MAG New Material Technology Co., Ltd. Taiwan Giant · TW · Manufacturingransomincransom reclama a vedan corp · VN · Agriculture and Food Productionransomincransom reclama a reatile.co.za · ZA · Not Foundransomincransom reclama a V&P Nurseries · US · Agriculture and Food Productionransomqilin reclama a Powder River Heating & Air Conditioning · US · Consumer Servicesransomqilin reclama a Droguería Martorani · AR · Consumer Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturing
← Todos los CVEs
CVE Watch9 jul 2026

CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (us

CVSS

7.1

Alto

EPSS

0.5%

p41

KEV

Exploit Today

12

0-100

Publicado: 18 jul 2022 · Última mod.: 9 jul 2026 · CWE-59

EPSS · 30d
0.5%EPSS · 30 días0.5%
2026-06-302026-07-17
Descripción técnica

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-506567.8 ALT
87.5%
26Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ".9d
CVE-2026-3407810.0 CRÍ
74.3%
22Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.3d
CVE-2026-330018.8 ALT
63.6%
19Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running Jenkins. This can be exploited to deploy malicious scripts or plugins on the controller by attackers with Item/Configure permission, or able to control agent processes.3d
CVE-2020-239687.8 ALT
55.3%
17Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.9d
CVE-2026-556078.8 ALT
51.3%
15Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor execution during worktree operations, an attacker could overwrite files in the user's home directory (such as .zshenv), leading to code execution outside of seatbelt sandbox restrictions. Reliably exploiting this required the user to clone a malicious repository containing prompt injection content and run Claude Code against it. This vulnerability is fixed in 2.1.163.18d
CVE-2026-579917.4 ALT
50.7%
15Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.11d