CWE-59: CWE-59 Vulnerabilities

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service ...

4/16/2025CWE-59

CVE-2024-30104

7.8HIGH

Microsoft Office Remote Code Execution Vulnerability

6/11/2024CWE-59, CWE-59

CVE-2022-38482

4.3MEDIUM

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

1/10/2023CWE-59, CWE-59

CVE-2023-6069

9.9CRITICAL

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

11/10/2023CWE-59, CWE-59

CVE-2025-5296

7.3HIGH

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of ...

8/18/2025CWE-59

CVE-2023-40028

4.9MEDIUM

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to ...

8/15/2023CWE-22, CWE-59

CVE-2022-38604

7.3HIGH

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

4/11/2023CWE-59, CWE-59

CVE-2023-33865

7.8HIGH

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.

6/7/2023CWE-59, CWE-59

CVE-2022-4122

5.3MEDIUM

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

12/8/2022CWE-59, CWE-59

CVE-2021-32557

5.2MEDIUM

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

6/12/2021CWE-59, CWE-61 +1

CVE-2022-43293

5.9MEDIUM

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

4/11/2023CWE-59, CWE-59

CVE-2004-1901

5.5MEDIUM

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

12/31/2004CWE-59, CWE-59

CVE-2023-43590

7.8HIGH

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

11/15/2023CWE-59, CWE-59

CVE-2013-4392

5.0MEDIUM

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

10/28/2013CWE-59, CWE-59

CVE-2024-0068

5.5MEDIUM

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.

2/29/2024CWE-59, CWE-59

CVE-2023-6336

7.2HIGH

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

1/16/2024CWE-59, CWE-59

CVE-2023-6335

6.4MEDIUM

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

1/16/2024CWE-59, CWE-59

CVE-2015-1130

7.8HIGH

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.

4/10/2015CWE-59, CWE-59

CWE-59

CVE-2024-35254

Azure Monitor Agent Elevation of Privilege Vulnerability

CVE-2024-35253

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CVE-2025-32817

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service

CVE-2024-30104

Microsoft Office Remote Code Execution Vulnerability

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

CVE-2023-6069

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

CVE-2025-5296

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of

CVE-2023-40028

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to

CVE-2022-38604

Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.

CVE-2023-33865

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.

CVE-2022-4122

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

CVE-2021-32557

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.

CVE-2022-43293

Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.

CVE-2004-1901

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

CVE-2023-43590

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2013-4392

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

CVE-2024-0068

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.

CVE-2023-6336

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

CVE-2023-6335

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

CVE-2015-1130

The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.