570 matches found
CVE-2025-27727
CVE-2025-27727 affects Windows Installer through an improper link resolution before file access ("link following"), enabling local privilege elevation on an authorized attacker. The issue is evidenced by the CVE record and associated assessments (high impact, local access, user interaction none)....
CVE-2025-21204
CVE-2025-21204 affects Windows Update Stack with improper link resolution before file access, enabling local privilege elevation for an authenticated user. Public documentation confirms the vulnerability and that Microsoft released fixes as part of April 2025 updates; patches include OS updates t...
Windows Installer Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Windows Installer allows an authorized attacker to elevate privileges locally...
CVE-2024-12905
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
CVE-2024-12905
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
CVE-2024-12905
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
CVE-2024-12905
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
CVE-2024-12905
CVE-2024-12905 affects the tar-fs package (index.js) and enables path traversal and related file writes/overwrites during extraction of crafted tar archives. Affected ranges: tar-fs < 1.16.4, < 2.1.2, and
CVE-2024-12905
An Improper Link Resolution Before File Access "Link Following" and Improper Limitation of a Pathname to a Restricted Directory "Path Traversal". This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intend...
Microsoft Edge (Chromium-based) Update elevation of privilege vulnerability (CNVD-2025-23062)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based Update, which is caused by improper link resolution before file access. An attacker could exploit the...
CVE-2025-29795
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an authorized attacker to elevate privileges locally...
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an authorized attacker to elevate privileges locally...
Microsoft Edge 后置链接漏洞
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. An elevation of privilege vulnerability exists in Microsoft Edge Chromium-based Update, which is caused by improper link resolution before file access. An attacker could exploit the...
CVE-2025-1683
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...
CVE-2025-25008
Improper link resolution before file access 'link following' in Microsoft Windows allows an authorized attacker to elevate privileges locally...
CVE-2025-1683
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...
CVE-2025-1683 Symbolic Link Exploit in 1E Client's - Nomad module allows Arbitrary File Deletion
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links...
CVE-2025-1683
CVE-2025-1683 affects the Nomad module of the 1E Client. The vulnerability arises from improper link resolution before file access, allowing a local unprivileged attacker on Windows to delete arbitrary files via symbolic links. Affected scope: 1E Client versions prior to 25.3. Impact is described...
CVE-2025-25008
Improper link resolution before file access 'link following' in Microsoft Windows allows an authorized attacker to elevate privileges locally...
CVE-2025-25008
Improper link resolution before file access 'link following' in Microsoft Windows allows an authorized attacker to elevate privileges locally...