Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,520 vulnerabilities with CWE-59

CVE-2023-20008 MEDIUM

Cisco TelePresence CE - Local Privilege Escalation

CVE-2023-21760 HIGH

Windows Print Spooler - Privilege Escalation

CVE-2023-21725 MEDIUM

Windows Malicious Software Removal Tool - Privilege Escalation

CVE-2023-21678 HIGH

Windows Print Spooler - Privilege Escalation

CVE-2023-21542 HIGH

Windows Installer - Privilege Escalation

CVE-2022-46869 HIGH

Acronis Cyber Protect Home Office <build 40278 - Privilege Escalation

CVE-2022-48579 HIGH

UnRAR < 6.2.3 - Directory Traversal via Symlink Chains

CVE-2022-38730 MEDIUM

Docker Desktop for Windows <4.6 - Code Injection

CVE-2022-34292 HIGH

Docker Desktop < 4.6.0 - Arbitrary File Write via Symlink Attack on hyperv/create API

CVE-2022-31647 HIGH

Docker Desktop < 4.6.0 - Arbitrary File Deletion via hyperv/destroy API DataFolder Symlink

CVE-2022-43293 MEDIUM

Wacom Driver <6.3.46-1 - Arbitrary File Write

CVE-2022-38604 HIGH

Wacom Driver <6.3.46-1 - Privilege Escalation

CVE-2022-47188 HIGH

Generex UPS CS141 <2.06 - Info Disclosure

CVE-2022-22582 MEDIUM

macOS < 11.6.5 - Arbitrary File Write via Symlink Validation Issue

CVE-2022-45697 HIGH

Razer Central < 7.8.0.381 - Arbitrary File Deletion via Accounts Directory Handling

CVE-2022-42292 MEDIUM

NVIDIA GeForce Experience < 3.27.0.112 - Privilege Escalation via Symbolic Link Attack in NVContainer

CVE-2022-42291 HIGH

NVIDIA GeForce Experience < 3.27.0.112 - Data Tampering via Installer Windows Junction Handling

CVE-2022-45440 MEDIUM

Zyxel AX7501-B0 Firmware < 5.17(ABPC.3)C0 - Authenticated Directory Traversal via FTP Symbolic Link Processing

CVE-2022-3592 MEDIUM

Samba 4.17.0-4.17.1 - Symbolic Link Following via SMB1 Unix Extensions or NFS

CVE-2022-38482 MEDIUM

Mega HOPEX 15.2.0.6110 - Improper Link Resolution Before File Access

CVE-2022-36943 HIGH

SSZipArchive < 2.5.3 - Arbitrary File Write via Symlink Path Traversal

CVE-2022-45798 HIGH

Trend Micro Apex One - Privilege Escalation via Damage Cleanup Engine Symbolic Link Abuse

CVE-2022-45412 HIGH

Firefox < 107.0 and Firefox ESR < 102.5 - Information Disclosure via Symlink Resolution

CVE-2022-4563 HIGH

Freedom of the Press SecureDrop - Symlink Following

CVE-2022-4122 MEDIUM

Podman < 4.5.0 - Information Disclosure via Symlink Following in .containerignore and .dockerignore

Previous Page 22 of 61 Next

Details

Vulnerabilities 1,520

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy