Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-13689 1Google 1Chrome May 2, 2025 Aug 25, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
CVE-2023-40028 1Ghost 1Ghost Nov 21, 2024 Aug 15, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary...Show more Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-38175 1Microsoft 1Windows Defender Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36903 1Microsoft 12Windows 10 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Aug 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36876 1Microsoft 1Windows Server 2008 Nov 21, 2024 Aug 8, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-35379 1Microsoft 1Windows Server 2008 Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2022-48579 1Rarlab 1Unrar Nov 21, 2024 Aug 7, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
CVE-2023-39107 1Nomachine 1Nomachine Nov 21, 2024 Aug 4, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
CVE-2023-4053 1Mozilla 1Firefox Nov 21, 2024 Aug 1, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vuln...Show more A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.Show less
CVE-2023-4052 1Mozilla 2Firefox Firefox Esr Nov 21, 2024 Aug 1, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This co...Show more The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.Show less
CVE-2023-36874 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Oct 28, 2025 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-35353 1Microsoft 9Windows 10 1607 Windows 10 1809Windows 10 21h2+6 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35347 1Microsoft 5Windows 10 21h2 Windows 10 22h2Windows 11 21h2+2 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2023-35342 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2023-35320 1Microsoft 9Windows 10 1607 Windows 10 1809Windows 10 21h2+6 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-33148 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-32056 1Microsoft 7Windows 10 1809 Windows 10 21h2Windows 10 22h2+4 more Nov 21, 2024 Jul 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-32053 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32050 1Microsoft 1Windows Server 2008 Nov 21, 2024 Jul 11, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2023-37206 1Mozilla 1Firefox Nov 21, 2024 Jul 5, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.

Previous 1...232425...76 Next