Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2025-21419 HIGH

Windows 10 1507-24H2 and Windows Server 2008-2012 - Elevation of Privilege via Setup Files Cleanup

CVE-2025-21391 HIGH KEV

Windows 10/11, Server 2016-2019 Elevation of Privilege via Improper Link Resolution

CVE-2025-21373 HIGH

Windows 10/11, Server 2008 Elevation of Privilege via Windows Installer

CVE-2025-21347 MEDIUM

Windows Deployment Services - Denial of Service via Improper Link Resolution

CVE-2025-21322 HIGH

Microsoft PC Manager < 3.15.4.0 - Elevation of Privilege via Improper Link Resolution

CVE-2025-21188 MEDIUM

Azure Network Watcher < 1.4.3563.1 - Elevation of Privilege via Improper Link Resolution

CVE-2025-0413 HIGH

Parallels Desktop - Privilege Escalation

CVE-2025-0146 LOW

Zoom Workplace App for macOS <6.2.10 - DoS

CVE-2025-24136 MEDIUM

macOS < 13.7.3, < 14.7.3, < 15.3 - Unauthorized Symlink Creation to Protected Disk Regions

CVE-2025-24104 MEDIUM

iPadOS < 17.7.4 and < 18.3 - Arbitrary File Write via Malicious Backup Restore

CVE-2025-24103 MEDIUM

macOS < 13.7.3, < 14.7.3, < 15.3 - Unprotected User Data Exposure via Symlink Validation Bypass

CVE-2025-0377 HIGH

HashiCorp's go-slug - Path Traversal

CVE-2025-21331 HIGH

Windows 10 1507-22H2 and Windows 11 22H2-23H2 - Elevation of Privilege via Windows Installer

CVE-2025-21274 MEDIUM

Windows 10 1507-24H2 and Windows Server 2012-2016 - Denial of Service via Event Tracing

CVE-2024-54554 MEDIUM

macOS < 15.1 - Unprotected User Data Exposure via Symlink Handling

CVE-2024-54189 HIGH

Parallels Desktop for Mac <20.1.1 - Privilege Escalation

CVE-2024-52561 HIGH

Parallels Desktop for Mac 20.1.1 - Privilege Escalation via Snapshot Symlink Ownership Manipulation

CVE-2024-36486 HIGH

Parallels Desktop for Mac <20.1.1 - Privilege Escalation

CVE-2024-11857 HIGH

Realtek Bluetooth HCI Adaptor - Privilege Escalation

CVE-2024-9524 HIGH

Avira Prime <1.1.96.2 - Local Privilege Escalation

CVE-2024-13962 HIGH

Avast Cleanup Premium <24.2.16593.17810 - Privilege Escalation

CVE-2024-13961 HIGH

Avast Cleanup Premium <24.2.16593.17810 - Privilege Escalation

CVE-2024-13960 HIGH

AVG TuneUp <23.4-15592 - Privilege Escalation

CVE-2024-13959 HIGH

AVG TuneUp <24.2.16593.9844 - Local Privilege Escalation

CVE-2024-13944 HIGH

Norton Utilities Ultimate <24.2.16862.6344 - Privilege Escalation

Previous Page 11 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy