Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21188 | 2025-03-12 | 6 Medium | ||
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | ||||
| CVE-2022-22582 | 1 Apple | 2 Mac Os X, Macos | 2025-03-11 | 5.5 Medium |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files. | ||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-11 | 7.3 High |
| WmsRepair Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-49059 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-03-11 | 7 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2024-38081 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2025-03-11 | 7.3 High |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-35261 | 1 Microsoft | 1 Azure Network Watcher Agent | 2025-03-11 | 7.8 High |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-38022 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-11 | 7 High |
| Windows Image Acquisition Elevation of Privilege Vulnerability | ||||
| CVE-2024-38013 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-11 | 6.7 Medium |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | ||||
| CVE-2022-45697 | 1 Razer | 1 Razer Central | 2025-03-11 | 7.8 High |
| Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | ||||
| CVE-2023-25152 | 1 Pterodactyl | 1 Wings | 2025-03-10 | 8.4 High |
| Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. ### Workarounds None at this time. | ||||
| CVE-2023-25168 | 1 Pterodactyl | 1 Wings | 2025-03-10 | 9.6 Critical |
| Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue. | ||||
| CVE-2023-25148 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | 7.8 High |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-25146 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | 7.8 High |
| A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-25145 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-05 | 7.8 High |
| A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-45418 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | 5.4 Medium |
| Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2024-0068 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2025-03-04 | 5.5 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1. | ||||
| CVE-2023-24577 | 1 Mcafee | 1 Total Protection | 2025-03-03 | 5.5 Medium |
| McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks. | ||||
| CVE-2023-28141 | 1 Qualys | 1 Cloud Agent | 2025-03-03 | 6.7 Medium |
| An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. | ||||
| CVE-2025-25185 | 2025-03-03 | 7.5 High | ||
| GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. | ||||
| CVE-2023-33148 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||