CWE-59: CWE-59

CVE-2023-36399 is an elevation of privilege vulnerability in Windows Storage that allows authenticated attackers to gain SYSTEM-level privileges on af...

This vulnerability allows an authenticated attacker to elevate privileges on affected Windows systems by exploiting a flaw in the Reliability Analysis...

This vulnerability allows attackers to elevate privileges on Windows systems by exploiting a flaw in the Microsoft Install Service. Attackers with loc...

This vulnerability in Malwarebytes Anti-Exploit allows attackers to delete arbitrary files or cause denial of service by sending specially crafted ALP...

This vulnerability in Docker Desktop for Windows allows attackers to overwrite arbitrary files through a symlink attack on the hyperv/create dockerBac...

This Windows kernel vulnerability allows attackers to elevate privileges from user mode to kernel mode, potentially gaining SYSTEM-level access. It af...

This vulnerability in AnyDesk 7.0.9 allows a local user to escalate privileges to SYSTEM via a symbolic link attack. The software writes chat-room dat...

This vulnerability allows attackers to overwrite administrator-writable files on Windows systems by exploiting a symlink vulnerability in Docker Deskt...

This vulnerability allows attackers to elevate privileges on Windows systems by exploiting the Print Spooler service. Attackers could gain SYSTEM-leve...

This vulnerability in WIBU CodeMeter Runtime allows local attackers to overwrite arbitrary files via a crafted symbolic link attack. It affects system...

This vulnerability in NVIDIA GPU Display drivers for Windows allows unprivileged users to create hard links that trick the driver into overwriting pro...

This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting a flaw in the Windows Update Servic...

This CVE describes a local privilege escalation vulnerability in OneDrive for Windows Desktop where improper symbolic link handling allows an attacker...

This CVE describes a privilege escalation vulnerability in OneDrive for Windows Desktop where improper handling of symbolic links allows an attacker t...

This vulnerability in Windows Search Service allows an authenticated attacker to execute arbitrary code with SYSTEM privileges, leading to local privi...

This vulnerability allows local attackers to escalate privileges by exploiting hardlink creation during the Cloudflare WARP client repair process. Att...

CVE-2022-21919 is an elevation of privilege vulnerability in the Windows User Profile Service that allows an authenticated attacker to gain SYSTEM-lev...

CVE-2021-26426 is an elevation of privilege vulnerability in Windows User Account Profile Picture handling that allows authenticated attackers to exec...

CVE-2021-26862 is a Windows Installer elevation of privilege vulnerability that allows authenticated attackers to execute arbitrary code with SYSTEM p...

This vulnerability in miniserve allows attackers to overwrite arbitrary files outside the intended upload directory through a TOCTOU (Time-of-Check Ti...

openCryptoki versions 2.3.2+ are vulnerable to symlink attacks when running with elevated privileges. Token-group users can plant symbolic links in gr...

This CVE describes a privilege escalation vulnerability in the ACAP Application framework through symlink attacks. It affects Axis devices configured ...

This vulnerability allows an authenticated attacker to escalate privileges within Windows Container Manager Service. Attackers could gain SYSTEM-level...

This CVE describes a link following vulnerability in Intel Server Configuration Utility and Server Firmware Update Utility that allows authenticated l...

Dell Alienware Command Center versions before 5.10.2.0 contain a link following vulnerability that allows local attackers with low privileges to eleva...

Dell Trusted Device versions before 7.0.3.0 contain a link following vulnerability that allows local attackers with low privileges to elevate their pr...

This vulnerability in GNU Nano allows local privilege escalation through insecure temporary file handling. When Nano is killed during editing, it crea...

Dell Display and Peripheral Manager versions before 2.2 contain a symbolic link vulnerability that allows local attackers to escalate privileges. Atta...

CVE-2025-15324 is a documentation issue in Tanium Engage that could lead to improper link resolution. This vulnerability affects organizations using T...

Dell Encryption versions before 11.12.1 contain a link following vulnerability that allows local low-privileged attackers to manipulate symbolic links...

A symlink traversal vulnerability in n8n's Read/Write File node allows attackers to bypass directory restrictions. By creating symbolic links, attacke...

This macOS vulnerability allows malicious websites to access sensitive user data by exploiting symlink resolution. It affects macOS users who visit co...

This vulnerability in Backstage's @backstage/backend-plugin-api allows attackers to bypass path traversal protections via symlink chains and dangling ...

A Time-of-Check-Time-of-Use (TOCTOU) race condition in filelock versions before 3.20.1 allows local attackers to corrupt or truncate arbitrary user fi...

This vulnerability in Ugreen DH2100+ network-attached storage devices allows attackers with physical access to exploit symlink following in the USB Ha...

This Local File Inclusion vulnerability in text-generation-webui allows unauthenticated attackers to read arbitrary files on the server by uploading s...

This vulnerability allows a local attacker on Linux systems to create symbolic links that trick OpenVPN's configuration initialization tool into chang...

The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that allows attackers with physical access to a US...

An incorrect symlink follow vulnerability in Yottamaster NAS devices allows attackers with physical USB drive access to read and modify the NAS intern...

This vulnerability in ZSPACE Q2C NAS devices allows attackers to bypass security controls by creating a malicious symbolic link on a USB drive. When t...

CVE-2025-22247 is an insecure file handling vulnerability in VMware Tools that allows non-administrative users on a guest VM to manipulate local files...

This vulnerability in SonicWall Connect Tunnel Windows client allows attackers to overwrite arbitrary files through improper link resolution. This cou...

A link following vulnerability in Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine allows a local attacker with low-privileged cod...

This vulnerability in Windows Deployment Services allows attackers to cause a denial of service by sending specially crafted packets to vulnerable ser...

This vulnerability in Azure Network Watcher VM Extension allows authenticated users with VM-level access to elevate privileges to root/system level on...

This vulnerability allows a low-privileged local attacker on Windows systems to delete protected system files by exploiting improper link resolution i...

This vulnerability in Cisco AnyConnect Secure Mobility Client for Mac OS allows authenticated local attackers to corrupt files via symlink attacks. At...

This vulnerability in RustDesk Client for Windows allows local attackers with low-privileged code execution to read arbitrary files on the system by e...

CVE-2025-15313 is an arbitrary file deletion vulnerability in Tanium EUSS that allows authenticated attackers to delete files on the server. This affe...

CVE-2025-15314 is an arbitrary file deletion vulnerability in Tanium's end-user-cx component that allows authenticated attackers to delete files on af...