Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2026-2627 HIGH

Softland FBackup <9.9 - Path Traversal

CVE-2026-26225 HIGH

Intego Personal Backup - Privilege Escalation

CVE-2026-20610 HIGH

macOS Tahoe <26.3 - Privilege Escalation

CVE-2026-21517 MEDIUM

Windows App for Mac - Privilege Escalation

CVE-2026-21419 MEDIUM

Dell Display and Peripheral Manager <2.2 - Privilege Escalation

CVE-2026-24884 HIGH

compressing < 2.0.1 and < 1.10.4 - Arbitrary File Write via Symbolic Link Extraction

CVE-2026-23563 MEDIUM

TeamViewer DEX - 1E Client <26.1 - Privilege Escalation

CVE-2026-24842 HIGH

isaacs/tar < 7.5.7 - Path Traversal via Hardlink Entry Mismatch

CVE-2026-24056 MEDIUM

pnpm < 10.28.2 - Unauthenticated Arbitrary File Read via Symlink in Local/Git Dependencies

CVE-2026-23893 MEDIUM

openCryptoki >=2.3.2 - Privilege Escalation

CVE-2026-24047 MEDIUM

@backstage/cli-common < 0.1.17 - Path Traversal via Symlink Chain Bypass

CVE-2026-24046 HIGH

Backstage Scaffolder - Symlink-Based Path Traversal and Arbitrary File Read/Write via Template Actions

CVE-2026-20941 HIGH

Host Process for Windows Tasks - Privilege Escalation

CVE-2026-22702 MEDIUM

virtualenv < 20.36.1 - Symlink Race Condition via Directory Creation

CVE-2026-22701 MEDIUM

filelock < 3.20.3 - TOCTOU Race Condition in SoftFileLock _acquire Method

CVE-2025-46293 MEDIUM

Apple macOS < 15.4 - Improper Link Resolution Before File Access ('Link Following')

CVE-2025-71212 HIGH

Trend Micro, Inc. TrendAI Apex One - Improper Link Resolution Before File Access ('Link Following')

CVE-2025-27850 HIGH

Garmin WDU v1 1.4.6 & v2 5.0 - Path Traversal

CVE-2025-43257 HIGH

macOS < 15.6 - Sandbox Escape via Symlink Handling

CVE-2025-66680 HIGH

WiseCleaner Wise Force Deleter <=7.3.2 - Arbitrary File Deletion

CVE-2025-48582 HIGH

Android - Unauthenticated Media Deletion via Intent Redirect

CVE-2025-63946 HIGH

Tencent PC Manager <17.10.28554.205 - Privilege Escalation

CVE-2025-63945 HIGH

Tencent iOA thru 210.9.28693.621001 - Privilege Escalation

CVE-2025-66277 CRITICAL

QNAP QTS and QuTS hero - Unauthenticated Path Traversal via Symbolic Link Following

CVE-2025-62676 HIGH

FortiClientWindows 7.0-7.4.4 - Arbitrary File Write via Crafted Named Pipe Messages

Previous Page 5 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy