Total: 1405 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30076 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2025-12-17 | 6.8 Medium |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-21373 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-21322 | 1 Microsoft | 1 Pc Manager | 2025-12-17 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2025-21347 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-12-17 | 6 Medium |
| Windows Deployment Services Denial of Service Vulnerability | ||||
| CVE-2025-21420 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-12-17 | 7.8 High |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | ||||
| CVE-2025-21419 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 7.1 High |
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | ||||
| CVE-2025-21391 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-12-17 | 7.1 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2025-21188 | 1 Microsoft | 2 Azure Network Watcher, Azure Network Watcher Agent | 2025-12-17 | 6 Medium |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-29795 | 1 Microsoft | 2 Edge Update, Edge Update Setup | 2025-12-17 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25008 | 1 Microsoft | 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more | 2025-12-17 | 7.1 High |
| Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-43448 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-12-17 | 6.3 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43446 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-43395 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 3.3 Low |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access protected user data. | ||||
| CVE-2025-43394 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access protected user data. | ||||
| CVE-2025-43379 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-12-17 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access protected user data. | ||||
| CVE-2022-45440 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2025-12-17 | 4.4 Medium |
| A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device. | ||||
| CVE-2009-1526 | 1 Directadmin | 1 Directadmin | 2025-12-16 | N/A |
| JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. | ||||
| CVE-2025-43461 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-15 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | ||||
| CVE-2025-43381 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-15 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data. | ||||
| CVE-2025-0377 | 1 Hashicorp | 1 Go-slug | 2025-12-15 | 7.5 High |
| HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. | ||||