Total: 11571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23983 | | | 2026-06-17 | N/A | N/A |
| Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. | |||||
| CVE-2024-23717 | 1 Google | 1 Android | 2026-06-17 | N/A | 8.8 HIGH |
| In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23707 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23706 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-23705 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-23669 | 1 Fortinet | 1 Fortiwebmanager | 2026-06-17 | N/A | 6.5 MEDIUM |
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | |||||
| CVE-2024-23668 | 1 Fortinet | 1 Fortiwebmanager | 2026-06-17 | N/A | 8.8 HIGH |
| An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. | |||||
| CVE-2024-23634 | 1 Geoserver | 1 Geoserver | 2026-06-17 | N/A | 6.0 MEDIUM |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue. | |||||
| CVE-2024-23600 | | | 2026-06-17 | N/A | 2.7 LOW |
| Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. | |||||
| CVE-2024-23487 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2024-23483 | 1 Zscaler | 1 Client Connector | 2026-06-17 | N/A | 7.0 HIGH |
| An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | |||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2026-06-17 | N/A | 7.0 HIGH |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | |||||
| CVE-2024-23469 | 1 Solarwinds | 1 Access Rights Manager | 2026-06-17 | N/A | 9.6 CRITICAL |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | |||||
| CVE-2024-23386 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Memory corruption when WiFi display APIs are invoked with large random inputs. | |||||
| CVE-2024-23362 | 1 Qualcomm | 464 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 461 more | 2026-06-17 | N/A | 7.1 HIGH |
| Cryptographic issue while parsing RSA keys in COBR format. | |||||
| CVE-2024-23335 | 1 Mybb | 1 Mybb | 2026-06-17 | N/A | 4.7 MEDIUM |
| MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-23320 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | |||||
| CVE-2024-23294 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution. | |||||
| CVE-2024-23263 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 10 Ipados, Iphone Os, Macos and 7 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. | |||||
| CVE-2024-23246 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-17 | N/A | 8.6 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox. | |||||
