
CVE-2024-13962 – Link Following Local Privilege Escalation Vulnerability in Avast Cleanup Premium Version 24.2.16593.17810
https://notcve.org/view.php?id=CVE-2024-13962
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-13961 – Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-13961
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-13960 – Link Following Local Privilege Escalation Vulnerability in AVG TuneUp Version 23.4
https://notcve.org/view.php?id=CVE-2024-13960
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2024-13959 – Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844
https://notcve.org/view.php?id=CVE-2024-13959
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-13759 – Local Privilege Escalation in Avira Prime 1.1.96.2 on Windows 10 x64
https://notcve.org/view.php?id=CVE-2024-13759
09 May 2025 — Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion • https://www.gendigital.com/us/en/contact-us/security-advisories/) • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2024-13944 – Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp)
https://notcve.org/view.php?id=CVE-2024-13944
09 May 2025 — Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. • https://www.gendigital.com/us/en/contact-us/security-advisories • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2025-3528 – Mirror-registry: local privilege escalation due to incorrect permissions in mirror-registry
https://notcve.org/view.php?id=CVE-2025-3528
09 May 2025 — A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. • https://access.redhat.com/security/cve/CVE-2025-3528 • CWE-276: Incorrect Default Permissions •

CVE-2025-26168
https://notcve.org/view.php?id=CVE-2025-26168
07 May 2025 — IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-26169
https://notcve.org/view.php?id=CVE-2025-26169
07 May 2025 — IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. • https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-29746
https://notcve.org/view.php?id=CVE-2025-29746
07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •