High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time | The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘start_restore’ function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-05-09 | 8.8 | CVE-2025-3455 |
Avira–Prime | Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | 2025-05-09 | 7.8 | CVE-2024-9524 |
Arista Networks–CloudVision | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. | 2025-05-08 | 8.7 | CVE-2024-8100 |
Arista Networks–CloudVision Portal | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Aris […]