Total
1343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21391 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-30 | 7.1 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2025-1079 | 3 Apple, Google, Linux | 3 Macos, Web Designer, Linux Kernel | 2025-07-29 | 7.8 High |
| Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature | ||||
| CVE-2025-23267 | 1 Nvidia | 1 Container Toolkit | 2025-07-21 | 8.5 High |
| NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. | ||||
| CVE-2024-35254 | 1 Microsoft | 1 Azure Monitor Agent | 2025-07-16 | 7.1 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-35253 | 1 Microsoft | 1 Azure File Sync | 2025-07-16 | 4.4 Medium |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | ||||
| CVE-2024-30104 | 1 Microsoft | 2 365 Apps, Office | 2025-07-16 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-30093 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-16 | 7.3 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2024-30065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-16 | 5.5 Medium |
| Windows Themes Denial of Service Vulnerability | ||||
| CVE-2024-30076 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-07-16 | 6.8 Medium |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-7012 | 2025-07-15 | N/A | ||
| An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root by exploiting improper symbolic link handling. | ||||
| CVE-2025-29837 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-15 | 5.5 Medium |
| Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-29975 | 1 Microsoft | 1 Pc Manager | 2025-07-15 | 7.8 High |
| Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47181 | 1 Microsoft | 1 Edge Update | 2025-07-15 | 8.8 High |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48384 | 1 Git | 1 Git | 2025-07-13 | 8.1 High |
| Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. | ||||
| CVE-2024-45315 | 1 Sonicwall | 1 Connect Tunnel | 2025-07-13 | 5.5 Medium |
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. | ||||
| CVE-2025-0377 | 1 Hashicorp | 1 Go-slug | 2025-07-13 | 7.5 High |
| HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. | ||||
| CVE-2025-1683 | 1 1e | 1 Client | 2025-07-13 | 7.8 High |
| Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. | ||||
| CVE-2024-52522 | 1 Rclone | 1 Rclone | 2025-07-12 | 6.8 Medium |
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | ||||
| CVE-2025-32817 | 1 Sonicwall | 1 Connect Tunnel | 2025-07-12 | 6.1 Medium |
| A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service or file corruption. | ||||
| CVE-2025-23010 | 1 Sonicwall | 1 Netextender | 2025-07-12 | 7.2 High |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. | ||||