CWE-59 · Improper Link Resolution Before File Access
1542 CVEs classified under CWE-59 (Improper Link Resolution Before File Access).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34078 | Critical | 10.0 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can… |
| CVE-2024-37143 | Critical | 10.0 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to… |
| CVE-2024-28189 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abu… |
| CVE-2024-28185 | Critical | 10.0 | 2024-04-18 | Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leverage… |
| CVE-2022-22995 | Critical | 10.0 | 2022-03-25 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of p… |
| CVE-2026-44881 | Critical | 9.9 | 2026-05-28 | Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and… |
| CVE-2026-7374 | Critical | 9.9 | 2026-05-26 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to… |
| CVE-2023-6069 | Critical | 9.9 | 2023-11-10 | Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. |
| CVE-2018-5225 | Critical | 9.9 | 2018-03-22 | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed v… |
| CVE-2026-50549 | Critical | 9.8 | 2026-06-25 | Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent can… |
| CVE-2025-66277 | Critical | 9.8 | 2026-02-11 | A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to t… |
| CVE-2025-43220 | Critical | 9.8 | 2025-07-30 | This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13… |
| CVE-2025-30457 | Critical | 9.8 | 2025-03-31 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A maliciou… |
| CVE-2024-48862 | Critical | 9.8 | 2024-11-22 | A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file syst… |
| CVE-2024-6868 | Critical | 9.8 | 2024-10-29 | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify addit… |
| CVE-2022-34960 | Critical | 9.8 | 2022-08-25 | The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the hos… |
| CVE-2022-26612 | Critical | 9.8 | 2022-04-07 | In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may… |
| CVE-2021-21691 | Critical | 9.8 | 2021-11-04 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2020-27172 | Critical | 9.8 | 2020-12-28 | An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write… |
| CVE-2020-9682 | Critical | 9.8 | 2020-07-17 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary f… |