Total
76 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50563 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2026-06-17 | N/A | 7.3 HIGH |
| A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | |||||
| CVE-2024-49019 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 7.8 HIGH |
| Active Directory Certificate Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-48886 | 1 Fortinet | 6 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 3 more | 2026-06-17 | N/A | 9.0 CRITICAL |
| A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | |||||
| CVE-2024-47397 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string. | |||||
| CVE-2024-47127 | 1 Gotenna | 1 Gotenna Pro | 2026-06-17 | N/A | 6.5 MEDIUM |
| In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to share encryption keys via QR scanning for higher security operations and update your app to the current release for enhanced encryption protocols. | |||||
| CVE-2024-45551 | 1 Qualcomm | 484 Aqt1000, Aqt1000 Firmware, Ar8035 and 481 more | 2026-06-17 | N/A | 6.2 MEDIUM |
| Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass. | |||||
| CVE-2024-45367 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. | |||||
| CVE-2024-41722 | 1 Gotenna | 1 Gotenna | 2026-06-17 | N/A | 6.5 MEDIUM |
| In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations. | |||||
| CVE-2024-39848 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1. | |||||
| CVE-2024-38239 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.2 HIGH |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2026-06-17 | N/A | 9.0 CRITICAL |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2024-36787 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | |||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2026-06-17 | N/A | 7.3 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
| CVE-2024-34451 | 1 Ghost | 1 Ghost | 2026-06-17 | N/A | 9.1 CRITICAL |
| Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers. | |||||
| CVE-2024-32119 | 1 Fortinet | 1 Forticlientems | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. | |||||
| CVE-2024-29837 | 1 Cs-technologies | 1 Evolution | 2026-06-17 | N/A | 8.8 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. | |||||
| CVE-2024-29038 | 1 Tpm2-tools Project | 1 Tpm2-tools | 2026-06-17 | N/A | 4.3 MEDIUM |
| tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. | |||||
| CVE-2024-13239 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2026-06-17 | N/A | 9.8 CRITICAL |
| Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | |||||
| CVE-2023-53894 | 1 Dulldusk | 1 Phpfilemanager | 2026-06-17 | N/A | 9.8 CRITICAL |
| phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server. | |||||
| CVE-2023-49340 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. | |||||