Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2024-49051 HIGH

Microsoft PC Manager < 3.14.10.0 - Elevation of Privilege via Improper Link Resolution

CVE-2024-10007 CRITICAL

GitHub Enterprise Server < 3.11.17 - Authenticated Path Collision and Remote Code Execution via ghe-firejail Path

CVE-2024-6868 CRITICAL

mudler/LocalAI <2.17.1 - Code Injection

CVE-2024-44273 MEDIUM

iPadOS < 18.1 - Improper Link Resolution Before File Access

CVE-2024-44264 MEDIUM

macOS < 13.7.1, < 14.7.1, < 15.1 - Symlink Validation Bypass

CVE-2024-44258 HIGH

iPadOS < 17.7.1 - Arbitrary File Write via Symlink Handling

CVE-2024-44175 MEDIUM

macOS < 14.7.1 and < 15 - Unprotected User Data Exposure via Symlink Validation Issue

CVE-2024-45316 HIGH

SonicWall Connect Tunnel <12.4.3.271 - Privilege Escalation

CVE-2024-45315 MEDIUM

SonicWall Connect Tunnel <12.4.3.271 - Privilege Escalation

CVE-2024-43603 MEDIUM

Visual Studio 2017 < 15.9.67, 2019 < 16.11.41, 2022 17.6.0-17.6.20 - Denial of Service via Collector Service

CVE-2024-43551 HIGH

Windows 10/11, Server 2016-2022 Elevation of Privilege via Improper Link Resolution

CVE-2024-43501 HIGH

Windows Common Log File System Driver - Elevation of Privilege via Improper Link Resolution

CVE-2024-38097 HIGH

Azure Monitor Agent - Privilege Escalation

CVE-2024-27458 HIGH

HP Hotkey Support - Privilege Escalation

CVE-2024-9341 MEDIUM

containers/common < 0.60.4 - Symbolic Link Following via FIPS Mode File Path Handling

CVE-2024-8404 HIGH

PaperCut NG/MF - Windows - File Deletion

CVE-2024-45770 MEDIUM

Performance Co-Pilot - Privilege Escalation

CVE-2024-46744 HIGH

Linux Kernel < 4.19.322, 4.20.0-6.10.10 DoS via Corrupted Squashfs Symbolic Link

CVE-2024-44178 MEDIUM

macOS < 13.7, < 14.7, < 15 - Unprotected User Data Exposure via Symlink Validation Bypass

CVE-2024-44132 HIGH

macOS < 15.0 - Sandbox Escape via Symlink Handling

CVE-2024-44131 MEDIUM

iPadOS < 18.0 - Unprotected User Data Exposure via Symlink Validation Bypass

CVE-2024-43470 HIGH

Azure Network Watcher Agent 1.4.3320.1-1.4.3422.1 - Elevation of Privilege via Improper Link Resolution

CVE-2024-38188 HIGH

Azure Network Watcher VM Agent - Privilege Escalation

CVE-2024-39578 MEDIUM

Dell PowerScale OneFS 8.2.2.x-9.8.0.1 - Denial of Service and Information Tampering via Symlink Following

CVE-2024-5928 HIGH

VIPRE Advanced Security - Local Privilege Escalation via Symbolic Link in Patch Management Agent

Previous Page 14 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy