Vulnerabilities (CVE)

Filtered by CWE-20
Total 11560 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-25008 2026-06-17 N/A 6.8 MEDIUM
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker would require elevated privileges for example a valid OAM user having the system administrator role to exploit the vulnerability.
CVE-2024-24984 2026-06-17 N/A 6.5 MEDIUM
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-24981 2026-06-17 N/A 7.5 HIGH
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-24973 1 Intel 2 Distribution For Gdb, Oneapi Base Toolkit 2026-06-17 N/A 2.2 LOW
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-24941 1 Jetbrains 1 Intellij Idea 2026-06-17 N/A 6.1 MEDIUM
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
CVE-2024-24696 1 Zoom 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom 2026-06-17 N/A 6.8 MEDIUM
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2024-24695 1 Zoom 3 Meeting Software Development Kit, Vdi Windows Meeting Clients, Zoom 2026-06-17 N/A 6.8 MEDIUM
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2024-24582 2026-06-17 N/A 7.5 HIGH
Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.
CVE-2024-24549 3 Apache, Debian, Fedoraproject 3 Tomcat, Debian Linux, Fedora 2026-06-17 N/A 7.5 HIGH
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
CVE-2024-23983 2026-06-17 N/A N/A
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
CVE-2024-23717 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-23707 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-23706 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-23705 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-23669 1 Fortinet 1 Fortiwebmanager 2026-06-17 N/A 6.5 MEDIUM
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CVE-2024-23668 1 Fortinet 1 Fortiwebmanager 2026-06-17 N/A 8.8 HIGH
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CVE-2024-23634 1 Geoserver 1 Geoserver 2026-06-17 N/A 6.0 MEDIUM
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.
CVE-2024-23600 2026-06-17 N/A 2.7 LOW
Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
CVE-2024-23487 2026-06-17 N/A 7.5 HIGH
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-23483 1 Zscaler 1 Client Connector 2026-06-17 N/A 7.0 HIGH
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.