CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-1163

Description: The attacker may exploit a path traversal vulnerability leading to information disclosure.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-24762

Description: `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

CVSS: HIGH (7.5)

EPSS Score: 1.8%

SSVC Exploitation: poc

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-9524

Description: Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13962

Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13961

Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13960

Description: Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13959

Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13944

Description: Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2024-13759

Description: Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 9th, 2025 (about 2 months ago)

CVE-2025-4206

Description: The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: HIGH (7.2)

EPSS Score: 0.66%

Source: CVE
May 9th, 2025 (about 2 months ago)