Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59

CVE-2025-15314 MEDIUM

Tanium end-user-cx 1.4-1.4.1175 - Arbitrary File Deletion via Improper Link Resolution

CVE-2025-15313 MEDIUM

Tanium EUSS 1.17.0-1.17.41 - Arbitrary File Deletion via Improper Link Resolution

CVE-2025-15310 HIGH

Tanium Patch Endpoint Tools - Privilege Escalation

CVE-2025-15319 HIGH

Tanium Patch Endpoint Tools - Privilege Escalation

CVE-2025-15318 MEDIUM

Tanium End-User Notifications 1.18-1.18.10079 - Arbitrary File Deletion via Endpoint Tools

CVE-2025-15328 MEDIUM

Tanium Enforce 2.7.0-2.7.313 - Improper Link Resolution Before File Access

CVE-2025-15324 MEDIUM

Tanium Engage 1.3.0-1.3.36 - Improper Link Resolution Before File Access

CVE-2025-69431 MEDIUM

ZSPACE Q2C Firmware < 1.1.0210050 - Unauthenticated Arbitrary File Access via Symbolic Link Following

CVE-2025-69430 MEDIUM

Yottamaster DM2, DM3, and DM200 Firmware - Unauthenticated Arbitrary File Read and Write via Symlink Following

CVE-2025-69429 MEDIUM

ORICO CD3510 Firmware < 1.9.12 - Unauthenticated Arbitrary File Read and Write via Symlink Following

CVE-2025-15543 MEDIUM

TP-Link VX800v Firmware < 800.0.11 - Improper Link Resolution in USB HTTP Access Path

CVE-2025-15541 MEDIUM

TP-Link VX800v Firmware < 800.0.11 - Authenticated Symbolic Link Resolution

CVE-2025-67124 MEDIUM

miniserve < 0.32.0 - Arbitrary File Overwrite via Symlink Race in Upload Finalization

CVE-2025-13154 MEDIUM

Lenovo Vantage - Privilege Escalation

CVE-2025-53594 MEDIUM

Qfinder Pro Mac <7.13.0 - Path Traversal

CVE-2025-12838 HIGH

MSP360 Free Backup - Privilege Escalation

CVE-2025-68279 HIGH

Weblate < 5.15.1 - Path Traversal via Crafted Symbolic Links

CVE-2025-68146 MEDIUM

filelock < 3.20.1 - Time-of-Check-Time-of-Use Race Condition via Symlink Attack

CVE-2025-14693 MEDIUM

Ugreen DH2100+ <5.3.0 - Symlink Following

CVE-2025-43461 MEDIUM

macOS Tahoe <26.1 - Info Disclosure

CVE-2025-43381 MEDIUM

macOS Tahoe <26.1 - Info Disclosure

CVE-2025-7073 HIGH

Bitdefender Antivirus - Local Privilege Escalation via Symbolic Link Attack in bdservicehost.exe

CVE-2025-66626 HIGH

Argo Workflows <3.7.4 - Code Injection

CVE-2025-46637 HIGH

Dell Encryption <11.12.1 - Privilege Escalation

CVE-2025-46636 MEDIUM

Dell Encryption <11.12.1 - Info Disclosure

Previous Page 6 of 61 Next

Details

Vulnerabilities 1,518

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy