CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13960 |
Description: Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2024-13959 |
Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2024-13944 |
Description: Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2024-13759 |
Description: Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-4206 |
Description: The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (7.2) EPSS Score: 0.66%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-4467 |
Description: A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument txtfullname/txtemail/cmddesignation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Online Student Clearance System 1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /admin/edit-admin.php. Durch das Beeinflussen des Arguments txtfullname/txtemail/cmddesignation mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-3455 |
Description: The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.26%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-4462 |
Description: A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in TOTOLINK N150RT 3.4.0-B20190525 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /boafrm/formWsc. Durch Manipulation des Arguments localPin mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.14%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-4377 |
Description: Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.
This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem.
Logview is accessible on Pro Cloud Server Configuration interface.
This issue affects Pro Cloud Server: earlier than 6.0.165.
CVSS: HIGH (8.3) EPSS Score: 0.08%
May 9th, 2025 (about 1 month ago)
|
|
CVE-2025-3462 |
Description: "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests.
Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
CVSS: HIGH (8.4) EPSS Score: 0.06%
May 9th, 2025 (about 1 month ago)
|