Total
1472 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45770 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-11-20 | 4.4 Medium |
| A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges. | ||||
| CVE-2025-22247 | 2025-11-18 | 6.1 Medium | ||
| VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. | ||||
| CVE-2025-34194 | 3 Microsoft, Printerlogic, Vasion | 5 Windows, Vasion Print, Virtual Appliance and 2 more | 2025-11-17 | 7.8 High |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM inside a directory under the control of the local user (C:\Users\%USER%\AppData\Local\Temp\). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced. | ||||
| CVE-2025-11190 | 1 Synchroweb | 1 Kiwire | 2025-11-17 | 5.4 Medium |
| The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website. | ||||
| CVE-2025-12418 | 1 Revenera | 1 Installshield | 2025-11-13 | N/A |
| Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 R1, 2024 R2, 2023 R2, and prior. When e.g., a local administrator performs an uninstall, a symlink may get followed on removal of a user writeable configuration directory and induce a Denial of Service as a result. The issue is resolved through the hotfixes InstallShield2025R1-CVE-2025-12418-SecurityPatch, InstallShield2024R2-CVE-2025-12418-SecurityPatch, and InstallShield2023R2-CVE-2025-12418-SecurityPatch. | ||||
| CVE-2025-24918 | 1 Intel | 2 Server Configuration Utility, Server Firmware Update Utility | 2025-11-12 | 6.7 Medium |
| Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2020-36193 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2025-11-07 | 7.5 High |
| Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | ||||
| CVE-2025-9871 | 1 Razer | 2 Synapse, Synapse 3 | 2025-11-06 | N/A |
| Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373. | ||||
| CVE-2025-55188 | 1 7-zip | 1 7-zip | 2025-11-04 | 3.6 Low |
| 7-Zip before 25.01 does not always properly handle symbolic links during extraction. | ||||
| CVE-2025-23267 | 1 Nvidia | 1 Container Toolkit | 2025-11-04 | 8.5 High |
| NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. | ||||
| CVE-2023-42942 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-11-04 | 7.8 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges. | ||||
| CVE-2023-41968 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | ||||
| CVE-2024-32002 | 2 Git, Redhat | 6 Git, Enterprise Linux, Rhel Aus and 3 more | 2025-11-04 | 9.1 Critical |
| Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | ||||
| CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2025-11-03 | 7.8 High |
| RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | ||||
| CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | 8.4 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
| CVE-2022-22995 | 3 Fedoraproject, Netatalk, Westerndigital | 24 Fedora, Netatalk, My Cloud and 21 more | 2025-11-03 | 10 Critical |
| The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | ||||
| CVE-2025-54798 | 1 Raszi | 2 Node-tmp, Tmp | 2025-11-03 | 2.5 Low |
| tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||||
| CVE-2025-52936 | 2025-11-03 | N/A | ||
| Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | ||||
| CVE-2024-12905 | 1 Redhat | 2 Openshift Devspaces, Rhdh | 2025-11-03 | 7.5 High |
| An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | ||||
| CVE-2022-30333 | 4 Debian, Linux, Opengroup and 1 more | 4 Debian Linux, Linux Kernel, Unix and 1 more | 2025-11-03 | 7.5 High |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | ||||