Total
1446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31198 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A path handling issue was addressed with improved validation. | |||||
| CVE-2025-30457 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to create symlinks to protected regions of the disk. | |||||
| CVE-2025-24278 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data. | |||||
| CVE-2025-24136 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 4.4 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk. | |||||
| CVE-2025-24104 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files. | |||||
| CVE-2025-24103 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access protected user data. | |||||
| CVE-2024-44273 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. A malicious app may be able to access private information. | |||||
| CVE-2024-44264 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious app may be able to create symlinks to protected regions of the disk. | |||||
| CVE-2024-44258 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2026-04-02 | N/A | 7.1 HIGH |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, tvOS 18.1, visionOS 2.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | |||||
| CVE-2024-44178 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-27885 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 6.3 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-23285 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk. | |||||
| CVE-2026-27748 | 1 Avira | 1 Internet Security | 2026-04-01 | N/A | 7.8 HIGH |
| Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\\ProgramData without validating whether the path resolves through a symbolic link or reparse point. A local attacker can create a malicious link to redirect the delete operation to an arbitrary file, resulting in deletion of attacker-chosen files with SYSTEM privileges. This may lead to local privilege escalation, denial of service, or system integrity compromise depending on the targeted file and operating system configuration. | |||||
| CVE-2025-7073 | 1 Bitdefender | 5 Antivirus, Antivirus Plus, Endpoint Security Tools and 2 more | 2026-03-31 | N/A | 7.8 HIGH |
| A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user. | |||||
| CVE-2026-20694 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | |||||
| CVE-2026-28866 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-25 | N/A | 6.2 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||||
| CVE-2026-20633 | 1 Apple | 1 Macos | 2026-03-25 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | |||||
| CVE-2026-32054 | 1 Openclaw | 1 Openclaw | 2026-03-24 | N/A | 6.5 MEDIUM |
| OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp directory, enabling arbitrary file overwrite on the affected system. | |||||
| CVE-2026-32013 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 8.8 HIGH |
| OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway process permissions, potentially enabling code execution through file overwrite attacks. | |||||
| CVE-2026-32020 | 1 Openclaw | 1 Openclaw | 2026-03-23 | N/A | 3.3 LOW |
| OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files outside the intended root. | |||||