Total
1389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54798 | 1 Raszi | 2 Node-tmp, Tmp | 2025-11-03 | 2.5 Low |
| tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||||
| CVE-2025-52936 | 2025-11-03 | N/A | ||
| Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | ||||
| CVE-2025-43220 | 1 Apple | 5 Ipados, Macos, Macos Sequoia and 2 more | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data. | ||||
| CVE-2024-12905 | 1 Redhat | 2 Openshift Devspaces, Rhdh | 2025-11-03 | 7.5 High |
| An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | ||||
| CVE-2025-43252 | 1 Apple | 2 Macos, Macos Sequoia | 2025-11-03 | 6.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks. | ||||
| CVE-2022-30333 | 4 Debian, Linux, Opengroup and 1 more | 4 Debian Linux, Linux Kernel, Unix and 1 more | 2025-11-03 | 7.5 High |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | ||||
| CVE-2022-21919 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-10-30 | 7 High |
| Windows User Profile Service Elevation of Privilege Vulnerability | ||||
| CVE-2022-21999 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-10-30 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2021-41379 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2025-10-30 | 5.5 Medium |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2023-36758 | 1 Microsoft | 1 Visual Studio 2022 | 2025-10-30 | 7.8 High |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-12341 | 1 Ermig1979 | 1 Antidupl | 2025-10-30 | 7.8 High |
| A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. The attack is only possible with local access. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-0841 | 1 Microsoft | 6 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 3 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. | ||||
| CVE-2019-1064 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 8 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. | ||||
| CVE-2019-1069 | 1 Microsoft | 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. | ||||
| CVE-2019-1129 | 1 Microsoft | 8 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 5 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130. | ||||
| CVE-2019-1130 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 11 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. | ||||
| CVE-2019-1253 | 1 Microsoft | 8 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 5 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | ||||
| CVE-2019-1315 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 10 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | ||||
| CVE-2019-1385 | 1 Microsoft | 6 Windows 10 1709, Windows 10 1803, Windows 10 1809 and 3 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-0638 | 1 Microsoft | 9 Windows 10 1709, Windows 10 1803, Windows 10 1809 and 6 more | 2025-10-29 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | ||||