Low
CVSS: 2.1
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in the GeoJSON endpoint. Self-hosted Metabase instan…
High
CVSS: 7.8
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
High
CVSS: 8.8
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symli…
High
CVSS: 7.1
A vulnerability in the `ImageClassificationDataset.from_csv()` API of the `dmlc/gluon-cv` repository, version 0.10.0, allows for arbitrary file write. The function downloads and extracts `tar.gz` files from URLs without proper sanitization,…
High
CVSS: 8.8
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, th…
High
CVSS: 7.8
Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbol…
High
CVSS: 7.1
Improper link resolution before file access ('link following') in Microsoft Windows allows an authorized attacker to elevate privileges locally.
High
CVSS: 7.5
GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then packa…
Medium
CVSS: 5.6
A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem.
The vulnerability is due to the incorrect…
High
CVSS: 7.8
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
High
CVSS: 7.1
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
High
KEV CVSS: 7.1
Windows Storage Elevation of Privilege Vulnerability
High
CVSS: 7.8
Windows Installer Elevation of Privilege Vulnerability
Medium
CVSS: 6.0
Windows Deployment Services Denial of Service Vulnerability
High
CVSS: 7.8
Microsoft PC Manager Elevation of Privilege Vulnerability
Medium
CVSS: 6.0
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
High
CVSS: 7.8
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obta…
Low
CVSS: 3.9
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
Medium
CVSS: 4.4
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious app may be able to create symlinks to protected regions of the disk.
Medium
CVSS: 5.5
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.