ReportizFlow
Filtered by vendor
Subscriptions
Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52522 | 1 Rclone | 1 Rclone | 2025-07-13 | 6.8 Medium |
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | ||||
| CVE-2025-32817 | 1 Sonicwall | 1 Connect Tunnel | 2025-07-12 | 6.1 Medium |
| A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. | ||||
| CVE-2024-50404 | 1 Qnap | 1 Qsync Central | 2025-07-12 | N/A |
| A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later | ||||
| CVE-2025-23010 | 1 Sonicwall | 1 Netextender | 2025-07-12 | 7.2 High |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. | ||||
| CVE-2025-25185 | 1 Binary-husky | 1 Gpt Academic | 2025-07-12 | 7.5 High |
| GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server. | ||||
| CVE-2025-30371 | 1 Metabase | 1 Metabase | 2025-07-12 | N/A |
| Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially impacted if their Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround. | ||||
| CVE-2025-33075 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-11 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32721 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-11 | 7.3 High |
| Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-24904 | 1 Microsoft | 1 Windows Server 2008 | 2025-07-10 | 7.1 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2023-29343 | 1 Microsoft | 1 Windows Sysmon | 2025-07-10 | 7.8 High |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | ||||
| CVE-2024-38098 | 1 Microsoft | 1 Azure Connected Machine Agent | 2025-07-10 | 7.8 High |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-38084 | 1 Microsoft | 1 Officeplus | 2025-07-10 | 7.8 High |
| Microsoft OfficePlus Elevation of Privilege Vulnerability | ||||
| CVE-2025-29795 | 1 Microsoft | 1 Edge Update | 2025-07-09 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21204 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-09 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-27727 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.8 High |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-41667 | 2025-07-08 | 8.8 High | ||
| A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device. | ||||
| CVE-2025-41666 | 2025-07-08 | 8.8 High | ||
| A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized. | ||||
| CVE-2025-41668 | 2025-07-08 | 8.8 High | ||
| A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device. | ||||
| CVE-2024-49051 | 1 Microsoft | 1 Pc Manager | 2025-07-08 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2024-43603 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-07-08 | 5.5 Medium |
| Visual Studio Collector Service Denial of Service Vulnerability | ||||