Total
1270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-25146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-25145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | N/A | 7.8 HIGH |
| A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-45418 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | N/A | 5.4 MEDIUM |
| Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2023-24577 | 1 Mcafee | 1 Total Protection | 2025-03-03 | N/A | 5.5 MEDIUM |
| McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. | |||||
| CVE-2025-25185 | 2025-03-03 | N/A | 7.5 HIGH | ||
| GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. | |||||
| CVE-2023-33148 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | N/A | 6.8 MEDIUM |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | |||||
| CVE-2025-21322 | 1 Microsoft | 1 Pc Manager | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft PC Manager Elevation of Privilege Vulnerability | |||||
| CVE-2025-21347 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-02-28 | N/A | 6.0 MEDIUM |
| Windows Deployment Services Denial of Service Vulnerability | |||||
| CVE-2025-21373 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2022-21999 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2021-41379 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-02-24 | 4.6 MEDIUM | 5.5 MEDIUM |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2022-21919 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-02-24 | 6.9 MEDIUM | 7.0 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-22480 | 1 Dell | 1 Supportassist | 2025-02-18 | N/A | 7.0 HIGH |
| Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges. | |||||
| CVE-2025-21420 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-02-14 | N/A | 7.8 HIGH |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | |||||
| CVE-2025-21419 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 7.1 HIGH |
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | |||||
| CVE-2024-35235 | 2025-02-13 | N/A | 4.4 MEDIUM | ||
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. | |||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-02-13 | N/A | 8.2 HIGH |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | |||||
| CVE-2025-21391 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-12 | N/A | 7.1 HIGH |
| Windows Storage Elevation of Privilege Vulnerability | |||||