CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26088
https://notcve.org/view.php?id=CVE-2023-26088
23 Mar 2023 — In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. • https://support.malwarebytes.com/hc/en-us/articles/14279575968659-Malwarebytes-for-Windows-4-5-23-Release-Notes • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28641
https://notcve.org/view.php?id=CVE-2020-28641
22 Dec 2020 — In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. En Malwarebytes Free versión 4.1.0.56, se puede utilizar un enlace simbólico para eliminar un archivo arbitrario en el sistema explotando el sistema de cuarentena local • https://support.malwarebytes.com/hc/en-us/articles/1500000403501-Arbitrary-file-deletion-vulnerability-fixed-in-Malwarebytes-Endpoint-Protection • CWE-59: Improper Link Resolution Before File Access ('Link Following') •