Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,520 vulnerabilities with CWE-59

CVE-2023-24904 HIGH

Windows Installer < - Privilege Escalation

CVE-2023-28141 MEDIUM

Qualys Cloud Agent < 4.8.0.31 - Arbitrary File Write via NTFS Junction

CVE-2023-28972 MEDIUM

Juniper Networks Junos OS - Info Disclosure

CVE-2023-28222 HIGH

Windows Kernel - Elevation of Privilege via Improper Link Resolution

CVE-2023-0652 HIGH

Cloudflare WARP < 2023.3.381.0 - Privilege Escalation via Hardlink Attack

CVE-2023-1412 HIGH

Cloudflare WARP Client <=2022.12.582.0 - Privilege Escalation

CVE-2023-25940 MEDIUM

Dell PowerScale OneFS 9.5.0.0 - Improper Link Resolution Before File Access in isi_gather_info

CVE-2023-28642 MEDIUM

runc < 1.1.5 - AppArmor Bypass via Symlinked /proc

CVE-2023-28892 HIGH

Malwarebytes AdwCleaner 8.4.0 - Privilege Escalation

CVE-2023-26088 HIGH

Malwarebytes <4.5.23 - Privilege Escalation

CVE-2023-1314 HIGH

cloudflared <= 2023.3.0 - Privilege Escalation via MSI Installer Symbolic Link Attack

CVE-2023-24930 HIGH

Microsoft OneDrive for MacOS - Privilege Escalation

CVE-2023-24577 MEDIUM

McAfee Total Protection <16.0.50 - Privilege Escalation

CVE-2023-25148 HIGH

Trend Micro Apex One < 14.0.11960 - Privilege Escalation via Symlink Attack

CVE-2023-25146 HIGH

Trend Micro Apex One < 14.0.11960 - Arbitrary File Write via Junction Link Following

CVE-2023-25145 HIGH

Trend Micro Apex One < 14.0.11960 - Privilege Escalation via Link Following

CVE-2023-27850 MEDIUM

NETGEAR Nighthawk WiFi6 Router < 1.0.10.94 - Arbitrary File Access via File Sharing Mechanism

CVE-2023-23558 MEDIUM

Eternal Terminal 6.2.1 - Sensitive Information Exposure via Fixed /tmp Path

CVE-2023-21567 MEDIUM

Visual Studio 2017 15.0-15.9.51, 2019 16.0-16.11.23, 2022 < 17.0.19 - Denial of Service via Improper Link Resolution

CVE-2023-22490 MEDIUM

Git < 2.30.8 - Arbitrary File Read via Symbolic Link in Local Clone Optimization

CVE-2023-21722 MEDIUM

.NET Framework - Denial of Service via Improper Link Resolution

CVE-2023-24572 MEDIUM

Dell Command | Integration Suite for System Center <6.4.0 - Privile...

CVE-2023-23697 MEDIUM

Dell Command | Intel vPro Out of Band < 4.4.0 - Authenticated Arbitrary Folder Deletion during Uninstallation

CVE-2023-25168 CRITICAL

Pterodactyl Wings 1.7.0-1.7.3 and 1.11.0-1.11.3 - Authenticated Arbitrary File Deletion via Symbolic Link

CVE-2023-25152 HIGH

Pterodactyl Wings < 1.7.3 and 1.11.x < 1.11.3 - Unauthenticated Arbitrary File Write via Symbolic Link

Previous Page 21 of 61 Next

Details

Vulnerabilities 1,520

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy