Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2022-27883 HIGH

Trend Micro Antivirus for Mac < 11.5 - Privilege Escalation via Symlink Attack

CVE-2022-26612 CRITICAL

Apache Hadoop < 3.2.3 - Arbitrary File Write via Symlink Bypass on Windows

CVE-2022-0799 HIGH

Google Chrome <99.0.4844.51 - Privilege Escalation

CVE-2022-27816 HIGH

swhkd < 1.2.0 - Denial of Service via Unsafe /tmp/swhks.pid Handling

CVE-2022-27815 HIGH

swhkd < 1.2.0 - Denial of Service via /tmp/swhkd.pid Symlink

CVE-2022-22995 CRITICAL

Western Digital My Cloud Firmware < 5.19.117 - Arbitrary File Write via SMB and AFP Primitives

CVE-2022-26659 HIGH

Docker Desktop <4.6.0 - Code Injection

CVE-2022-22585 HIGH

iPadOS < 15.3 - Improper Link Resolution Before File Access

CVE-2022-20050 MEDIUM

Connsyslogger - Privilege Escalation

CVE-2022-22262 HIGH

ROG Live Service < 1.3.3.0 - Unauthenticated Arbitrary File Deletion via Symbolic Link

CVE-2022-24680 HIGH

Trend Micro Apex One <10.0 SP1 - Privilege Escalation

CVE-2022-24679 HIGH

Trend Micro Apex One <10.0 SP1 - Privilege Escalation

CVE-2022-24671 HIGH

Trend Micro Antivirus for Max <11.0.2150 - Privilege Escalation

CVE-2022-25179 MEDIUM

Jenkins Pipeline Multibranch Plugin < 706.vd43c65dec013 - Arbitrary File Read via readTrusted Step

CVE-2022-25177 MEDIUM

Jenkins Pipeline < 552.vd9cc05b8a2e1 - Arbitrary File Read via libraryResource Step

CVE-2022-25176 MEDIUM

Jenkins Pipeline < 2648.va9433432b33c - Arbitrary File Read via Symbolic Link Following

CVE-2022-0017 HIGH

GlobalProtect 5.1-5.1.9 and 5.2-5.2.4 - Local Privilege Escalation via Improper Link Resolution

CVE-2022-21999 HIGH KEV

Windows Print Spooler - Privilege Escalation

CVE-2022-21997 HIGH

Windows Print Spooler - Privilege Escalation

CVE-2022-21944 HIGH

openSUSE watchman <4.9.0-9.1 - Privilege Escalation

CVE-2022-0012 MEDIUM

Cortex XDR Agent Arbitrary File Deletion and DoS via Improper Link Resolution

CVE-2022-21919 HIGH KEV

Windows User Profile Service - Privilege Escalation

CVE-2022-21895 HIGH

Windows User Profile Service - Elevation of Privilege via Improper Link Resolution

CVE-2022-21838 MEDIUM

Windows Cleanup Manager - Elevation of Privilege via Improper Link Resolution

CVE-2021-47949 HIGH

CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack

Previous Page 25 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy