Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2024-13759 HIGH

Avira Prime <1.1.96.2 - Privilege Escalation

CVE-2024-12905 HIGH

tar-fs < 1.16.4, 2.0.0-2.1.2, 3.0.0-3.0.8 - Path Traversal and Arbitrary File Write via Malicious Tar Extraction

CVE-2024-12390 HIGH

binary-husky gpt_academic - Remote Code Execution via RAR File Symlink Extraction

CVE-2024-12216 HIGH

gluoncv 0.10.0 - Arbitrary File Write via TarSlip in ImageClassificationDataset.from_csv()

CVE-2024-10986 HIGH

GPT Academic 3.83 - Local File Read via HotReload Symlink Handling

CVE-2024-45418 MEDIUM

Zoom Meeting SDK < 6.1.5 - Authenticated Privilege Escalation via Symlink Following

CVE-2024-57728 HIGH KEV

SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip

CVE-2024-52050 HIGH

Trend Micro Apex One - Privilege Escalation

CVE-2024-13043 HIGH

Panda Security Dome - Privilege Escalation

CVE-2024-12753 HIGH

Foxit PDF Editor 11.0.0-11.2.11.54113 & Reader <2024.3.0.26795 - LPE via Installer Junction Abuse

CVE-2024-12754 MEDIUM

AnyDesk - Information Disclosure via Junction Link Following in Background Image Handling

CVE-2024-52535 HIGH

Dell SupportAssist for Home PCs < 4.6.2 and Business PCs < 4.5.1 - Authenticated Privilege Escalation via Symlink Attack

CVE-2024-44211 MEDIUM

macOS < 15.1 - Unprotected User Data Exposure via Symlink Validation

CVE-2024-47480 HIGH

Dell Inventory Collector Client <12.7.0 - Privilege Escalation

CVE-2024-52542 MEDIUM

Dell AppSync 4.6.0.0-4.6.0.2 - Symbolic Link Following

CVE-2024-56074 MEDIUM

gitingest <9996a06 - Path Traversal

CVE-2024-12552 HIGH

Wacom Center - Local Privilege Escalation via Symbolic Link in WTabletServicePro

CVE-2024-49107 HIGH

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2016-2019 - Elevation of Privilege via WmsRepair Service

CVE-2024-49059 HIGH

Microsoft 365 Apps and Office - Elevation of Privilege via Race Condition

CVE-2024-52537 MEDIUM

Dell Dock HD22Q, WD19, and WD22TB4 Firmware Update Utility - Privilege Escalation via Symlink Following

CVE-2024-37143 CRITICAL

Dell PowerFlex and InsightIQ - Unauthenticated Arbitrary Code Execution via Improper Link Resolution

CVE-2024-53691 HIGH

QNAP QTS and QuTS hero - Link Following via File System Traversal

CVE-2024-50404 HIGH

Qsync Central 4.4.0-4.4.0.15 - Authenticated Path Traversal via Symbolic Link

CVE-2024-22038 HIGH

obs-scm-bridge - Info Disclosure/DoS

CVE-2024-7243 HIGH

Panda Security Dome - Local Privilege Escalation via Junction Link Following

Previous Page 12 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy