Fallos del tipo CWE-59
629 resultadosCVE-2026-41433HIGHOpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIREPSS 0.2%CVE-2025-43395LOWThis issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 2EPSS 0.2%CVE-2026-45403LOWAnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directoryEPSS 0.2%CVE-2023-20004MEDIUMCisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write VulnerabilityEPSS 0.2%CVE-2025-64437MEDIUMKubeVirt Isolation Detection Flaw Allows Arbitrary File Permission ChangesEPSS 0.2%CVE-2025-43379MEDIUMThis issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS EPSS 0.2%CVE-2025-31198MEDIUMThis issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS VenturaEPSS 0.2%CVE-2025-15543MEDIUMRead-Only Root Access via USB Storage Device in TP-Link VX800vEPSS 0.2%CVE-2023-41971MEDIUMWindows ZCC Upgrade DoS And Privilege Escalation Through RPC ControlEPSS 0.2%CVE-2024-11857HIGHRealtek Bluetooth HCI Adaptor - Privilege EscalationEPSS 0.2%CVE-2024-13962HIGHLink Following Local Privilege Escalation Vulnerability in Avast Cleanup Premium Version 24.2.16593.17810EPSS 0.2%CVE-2022-42292MEDIUM
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create aEPSS 0.2%CVE-2026-35349MEDIUMuutils coreutils Path-Based Safety Bypass with --preserve-rootEPSS 0.2%CVE-2024-9524HIGHPrivilege Escalation Vulnerability in Avira Prime Version 1.1.96.2EPSS 0.2%CVE-2024-13959HIGHLink Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844EPSS 0.2%CVE-2025-68146MEDIUMfilelock has TOCTOU race condition that allows symlink attacks during lock file creationEPSS 0.2%CVE-2024-0206HIGH
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local uEPSS 0.2%CVE-2023-28141MEDIUMNTFS JunctionEPSS 0.2%CVE-2025-15319HIGHTanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.EPSS 0.2%CVE-2025-3908MEDIUMThe configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbEPSS 0.2%