Total
1448 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21420 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-13 | 7.8 High |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | ||||
| CVE-2025-25008 | 1 Microsoft | 6 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 3 more | 2026-02-13 | 7.1 High |
| Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27727 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21204 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29837 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-13 | 5.5 Medium |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-29975 | 1 Microsoft | 1 Pc Manager | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47181 | 1 Microsoft | 2 Edge Chromium Updater, Edge Update | 2026-02-13 | 8.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49680 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.3 High |
| Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. | ||||
| CVE-2025-48820 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48799 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-02-13 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21195 | 2 Azure, Microsoft | 3 Service Fabric, Azure Service Fabric, Service Fabric | 2026-02-13 | 6 Medium |
| Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-3771 | 1 Trellix | 1 System Information Reporter | 2026-02-11 | 7.1 High |
| A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces | ||||
| CVE-2025-67124 | 1 Svenstaro | 1 Miniserve | 2026-02-11 | 6.8 Medium |
| A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume). | ||||
| CVE-2026-23563 | 2 Microsoft, Teamviewer | 3 Windows, Dex, Digital Employee Experience | 2026-02-11 | 5.7 Medium |
| Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes. | ||||
| CVE-2025-69429 | 1 Orico | 2 Cd3510, Cd3510 Firmware | 2026-02-11 | 6.1 Medium |
| The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files. | ||||
| CVE-2025-69430 | 1 Yottamaster | 6 Dm2, Dm200, Dm200 Firmware and 3 more | 2026-02-11 | 6.1 Medium |
| An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), and DM200 (version equal to or prior to V1.2.23) that could be exploited by attackers to leak or tamper with the internal file system. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, then access the USB drive's symlink directory mounted on the NAS to obtain all files within the NAS system and tamper with those files. | ||||
| CVE-2025-69431 | 1 Zspace | 3 Q2c, Q2c Firmware, Q2c Nas | 2026-02-11 | 6.1 Medium |
| The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files. | ||||
| CVE-2024-38022 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 7 High |
| Windows Image Acquisition Elevation of Privilege Vulnerability | ||||
| CVE-2024-38013 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2026-02-10 | 6.7 Medium |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | ||||
| CVE-2025-15328 | 2 Enforce, Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 5 Medium |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. | ||||