Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,520 vulnerabilities with CWE-59

CVE-2023-39107 CRITICAL

NoMachine Free Edition/Enterprise Client <v8.8.1 - File Overwrite

CVE-2023-4053 MEDIUM

Firefox <116, Firefox ESR <115.2, Thunderbird <115.2 - SSRF

CVE-2023-4052 MEDIUM

Firefox <116 - Privilege Escalation

CVE-2023-36874 HIGH KEV

Windows Error Reporting Service - Privilege Escalation

CVE-2023-35353 HIGH

Windows 10 1607-22H2, Windows 11 21H2-22H2, Windows Server 2016-2022 - Elevation of Privilege via Telemetry

CVE-2023-35347 HIGH

Windows 10/11 & Server 2022 Elevation of Privilege via Improper Link Resolution

CVE-2023-35342 HIGH

Windows Image Acquisition - Elevation of Privilege via Improper Link Resolution

CVE-2023-35320 HIGH

Windows 10/11 & Server 2016/2019/2022 Elevation of Privilege via Connected User Experiences and Telemetry

CVE-2023-33148 HIGH

Microsoft Office - Privilege Escalation

CVE-2023-32056 HIGH

Windows Server Update Service - Elevation of Privilege via Improper Link Resolution

CVE-2023-32053 HIGH

Windows Installer - Elevation of Privilege via Improper Link Resolution

CVE-2023-32050 HIGH

Windows Server 2008 - Elevation of Privilege via Improper Link Resolution

CVE-2023-37206 MEDIUM

Firefox < 115.0 - Symlink Following via File Upload

CVE-2023-27469 HIGH

Malwarebytes Anti-Exploit < 4.4.0.220 - Arbitrary File Deletion and Denial of Service via ALPC Message

CVE-2023-32556 MEDIUM

Trend Micro Apex One < 14.0.12105 - Sensitive Information Disclosure via Link Following

CVE-2023-28065 MEDIUM

Dell Alienware Update < 4.9.0 - Privilege Escalation via Insecure Windows Junction Handling

CVE-2023-28071 MEDIUM

Dell Command Update, Dell Update, Alienware Update < 4.9.0 - DoS via Windows Junction Manipulation

CVE-2023-32012 HIGH

Windows Container Manager Service - Privilege Escalation

CVE-2023-29351 HIGH

Windows Group Policy < - Privilege Escalation

CVE-2023-33865 HIGH

RenderDoc <1.27 - Privilege Escalation

CVE-2023-2939 HIGH

Google Chrome < 114.0.5735.90 - Privilege Escalation via Symbolic Link

CVE-2023-33245 HIGH

Minecraft <1.19-1.20 - Code Injection

CVE-2023-34204 MEDIUM

imapsync <2.229 - Privilege Escalation

CVE-2023-27529 HIGH

Wacom Tablet Driver Installer < 6.4.2-1 - Improper Link Resolution Before File Access

CVE-2023-29343 HIGH

SysInternals Sysmon - Privilege Escalation

Previous Page 20 of 61 Next

Details

Vulnerabilities 1,520

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy