Total
1318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2025-06-17 | 7.8 High |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-06-17 | 8.4 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
| CVE-2025-29837 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-06-17 | 5.5 Medium |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-29975 | 1 Microsoft | 1 Pc Manager | 2025-06-17 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47181 | 2025-06-17 | 8.8 High | ||
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-47192 | 1 Trendmicro | 1 Apex One | 2025-06-17 | 7.8 High |
| An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2025-06-17 | 8.2 High |
| Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. | ||||
| CVE-2024-43603 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-06-16 | 5.5 Medium |
| Visual Studio Collector Service Denial of Service Vulnerability | ||||
| CVE-2024-43551 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-06-16 | 7.8 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2024-49051 | 1 Microsoft | 1 Pc Manager | 2025-06-16 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2024-43501 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-06-16 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2025-06-16 | 7.1 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-3908 | 2 Linux, Openvpn | 2 Linux Kernel, Openvpn3linux | 2025-06-12 | 6.2 Medium |
| The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory. | ||||
| CVE-2025-5474 | 2025-06-09 | N/A | ||
| 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required. The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962. | ||||
| CVE-2018-6954 | 3 Canonical, Opensuse, Systemd Project | 3 Ubuntu Linux, Leap, Systemd | 2025-06-09 | 7.8 High |
| systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. | ||||
| CVE-2018-15687 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2025-06-09 | 7.0 High |
| A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | ||||
| CVE-2013-4392 | 1 Systemd Project | 1 Systemd | 2025-06-09 | 5 Medium |
| systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | ||||
| CVE-2010-4226 | 2 Gnu, Opensuse | 2 Cpio, Opensuse | 2025-06-09 | 7.2 High |
| cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. | ||||
| CVE-2024-35254 | 1 Microsoft | 1 Azure Monitor Agent | 2025-06-05 | 7.1 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-35253 | 1 Microsoft | 1 Azure File Sync | 2025-06-05 | 4.4 Medium |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | ||||