Total
1434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23892 | 1 Mcafee | 1 Endpoint Security For Linux Threat Prevention | 2026-02-24 | 6.9 MEDIUM | 8.2 HIGH |
| By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations. | |||||
| CVE-2025-1697 | 1 Hp | 1 Touchpoint Analytics Service | 2026-02-24 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. | |||||
| CVE-2020-7346 | 1 Mcafee | 1 Data Loss Prevention | 2026-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time. | |||||
| CVE-2020-16939 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2026-02-23 | 4.6 MEDIUM | 7.8 HIGH |
| <p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p> | |||||
| CVE-2020-16853 | 1 Microsoft | 1 Onedrive | 2026-02-23 | 3.6 LOW | 7.1 HIGH |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | |||||
| CVE-2020-16851 | 1 Microsoft | 1 Onedrive | 2026-02-23 | 3.6 LOW | 7.1 HIGH |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | |||||
| CVE-2026-2490 | 2026-02-23 | N/A | 5.5 MEDIUM | ||
| RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Transfer File feature. By uploading a symbolic link, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-27909. | |||||
| CVE-2019-1188 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2026-02-20 | 9.3 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system. The security update addresses the vulnerability by correcting the processing of shortcut LNK references. | |||||
| CVE-2025-15314 | 1 Tanium | 1 End-user-cx | 2026-02-20 | N/A | 5.5 MEDIUM |
| Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. | |||||
| CVE-2024-39578 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-25952 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2026-2627 | 2026-02-18 | 6.8 MEDIUM | 7.8 HIGH | ||
| A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-22702 | 1 Virtualenv | 1 Virtualenv | 2026-02-18 | N/A | 4.5 MEDIUM |
| virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1. | |||||
| CVE-2024-23459 | 1 Zscaler | 1 Client Connector | 2026-02-17 | N/A | 7.1 HIGH |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7. | |||||
| CVE-2019-12749 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Dbus | 2026-02-13 | 3.6 LOW | 7.1 HIGH |
| dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. | |||||
| CVE-2026-20610 | 1 Apple | 1 Macos | 2026-02-13 | N/A | 7.8 HIGH |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | |||||
| CVE-2026-26225 | 2026-02-13 | N/A | N/A | ||
| Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated privileges. By crafting a malicious serialized task file, a local attacker can trigger arbitrary file writes to sensitive system locations, leading to privilege escalation to root. | |||||
| CVE-2025-66277 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-12 | N/A | 9.8 CRITICAL |
| A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later | |||||
| CVE-2025-62676 | 1 Fortinet | 1 Forticlient | 2026-02-12 | N/A | 7.1 HIGH |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. | |||||