Total: 11398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0178 | 1 Watchguard | 28 Firebox M270, Firebox M290, Firebox M370 and 25 more | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11. | |||||
| CVE-2025-0052 | | | 2026-06-17 | N/A | N/A |
| Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. | |||||
| CVE-2025-0051 | | | 2026-06-17 | N/A | N/A |
| Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. | |||||
| CVE-2025-0037 | | | 2026-06-17 | N/A | 6.6 MEDIUM |
| In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. | |||||
| CVE-2024-9875 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater. | |||||
| CVE-2024-9507 | | | 2026-06-17 | N/A | 4.9 MEDIUM |
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2024-9407 | | | 2026-06-17 | N/A | 4.7 MEDIUM |
| A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. | |||||
| CVE-2024-9348 | | | 2026-06-17 | N/A | N/A |
| Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | |||||
| CVE-2024-9257 | 1 Logsign | 1 Unified Secops Platform | 2026-06-17 | N/A | 6.5 MEDIUM |
| Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265. | |||||
| CVE-2024-9042 | | | 2026-06-17 | N/A | 5.9 MEDIUM |
| This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | |||||
| CVE-2024-8936 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory. | |||||
| CVE-2024-8889 | 1 Circutor | 2 Tcp2rs\+, Tcp2rs\+ Firmware | 2026-06-17 | N/A | 9.3 CRITICAL |
| Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle. | |||||
| CVE-2024-8755 | 1 Progress | 1 Loadmaster | 2026-06-17 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects the following products and versions: LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12 (inclusive), 7.2.48.12 and all prior versions; Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions; ECS: all prior versions to 7.2.60.1 (inclusive). | |||||
| CVE-2024-8518 | | | 2026-06-17 | N/A | 3.3 LOW |
| CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. | |||||
| CVE-2024-8445 | | | 2026-06-17 | N/A | 5.7 MEDIUM |
| The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input. | |||||
| CVE-2024-8073 | 1 Hillstonenet | 1 Web Application Firewall | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13. | |||||
| CVE-2024-7988 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2026-06-17 | N/A | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. This vulnerability exists due to the lack of proper data input validation, which allows files to be overwritten. | |||||
| CVE-2024-7980 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2024-7977 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2024-7974 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
