Total
1391 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-25146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-25145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-45418 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | N/A | 5.4 MEDIUM |
| Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2024-0068 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2025-03-04 | N/A | 5.5 MEDIUM |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1. | |||||
| CVE-2023-24577 | 1 Mcafee | 1 Total Protection | 2025-03-03 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. | |||||
| CVE-2023-33148 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | N/A | 6.8 MEDIUM |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | |||||
| CVE-2025-21347 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-02-28 | N/A | 6.0 MEDIUM |
| Windows Deployment Services Denial of Service Vulnerability | |||||
| CVE-2025-21322 | 1 Microsoft | 1 Pc Manager | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft PC Manager Elevation of Privilege Vulnerability | |||||
| CVE-2025-21373 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2025-21420 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-02-14 | N/A | 7.8 HIGH |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | |||||
| CVE-2025-21419 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 7.1 HIGH |
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | |||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-02-13 | N/A | 8.2 HIGH |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | |||||
| CVE-2022-43293 | 1 Wacom | 1 Driver | 2025-02-11 | N/A | 5.9 MEDIUM |
| Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe. | |||||
| CVE-2022-38604 | 2 Microsoft, Wacom | 2 Windows, Driver | 2025-02-11 | N/A | 7.3 HIGH |
| Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability. | |||||
| CVE-2024-52537 | 3 Dell, Linux, Microsoft | 5 Dock Hd22q Firmware Update Utility, Dock Wd19 Firmware Update Utility, Dock Wd22tb4 Firmware Update Utility and 2 more | 2025-02-04 | N/A | 6.3 MEDIUM |
| Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2024-47480 | 1 Dell | 1 Inventory Collector | 2025-02-04 | N/A | 7.8 HIGH |
| Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | |||||
| CVE-2024-52542 | 1 Dell | 1 Appsync | 2025-02-04 | N/A | 4.4 MEDIUM |
| Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. | |||||
| CVE-2024-57728 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | N/A | 7.2 HIGH |
| SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | |||||