Vulnerabilities (CVE)

Filtered by CWE-20
Total 11571 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23983 2026-06-17 N/A N/A
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
CVE-2024-23717 1 Google 1 Android 2026-06-17 N/A 8.8 HIGH
In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-23707 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-23706 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-23705 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-23669 1 Fortinet 1 Fortiwebmanager 2026-06-17 N/A 6.5 MEDIUM
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CVE-2024-23668 1 Fortinet 1 Fortiwebmanager 2026-06-17 N/A 8.8 HIGH
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
CVE-2024-23634 1 Geoserver 1 Geoserver 2026-06-17 N/A 6.0 MEDIUM
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.
CVE-2024-23600 2026-06-17 N/A 2.7 LOW
Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
CVE-2024-23487 2026-06-17 N/A 7.5 HIGH
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-23483 1 Zscaler 1 Client Connector 2026-06-17 N/A 7.0 HIGH
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.
CVE-2024-23482 1 Zscaler 1 Client Connector 2026-06-17 N/A 7.0 HIGH
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
CVE-2024-23469 1 Solarwinds 1 Access Rights Manager 2026-06-17 N/A 9.6 CRITICAL
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges.
CVE-2024-23386 1 Qualcomm 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more 2026-06-17 N/A 6.7 MEDIUM
memory corruption when WiFi display APIs are invoked with large random inputs.
CVE-2024-23362 1 Qualcomm 464 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 461 more 2026-06-17 N/A 7.1 HIGH
Cryptographic issue while parsing RSA keys in COBR format.
CVE-2024-23335 1 Mybb 1 Mybb 2026-06-17 N/A 4.7 MEDIUM
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability
CVE-2024-23320 1 Apache 1 Dolphinscheduler 2026-06-17 N/A 8.8 HIGH
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
CVE-2024-23294 1 Apple 1 Macos 2026-06-17 N/A 7.8 HIGH
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.
CVE-2024-23263 4 Apple, Fedoraproject, Webkitgtk and 1 more 10 Ipados, Iphone Os, Macos and 7 more 2026-06-17 N/A 6.5 MEDIUM
A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2024-23246 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-06-17 N/A 8.6 HIGH
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox.