Total
11398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5990 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2026-06-17 | N/A | 7.5 HIGH |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | |||||
| CVE-2024-5989 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2026-06-17 | N/A | 9.8 CRITICAL |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
| CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2026-06-17 | N/A | 9.8 CRITICAL |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | |||||
| CVE-2024-5969 | 1 Coderevolution | 1 Aiomatic | 2026-06-17 | N/A | 5.8 MEDIUM |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | |||||
| CVE-2024-5913 | 1 Paloaltonetworks | 1 Pan-os | 2026-06-17 | N/A | 6.1 MEDIUM |
| An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges. | |||||
| CVE-2024-5681 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2026-06-17 | N/A | 7.8 HIGH |
| CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | |||||
| CVE-2024-5533 | 1 Elegantthemes | 1 Divi | 2026-06-17 | N/A | 6.4 MEDIUM |
| The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-5439 | 1 Creativethemes | 1 Blocksy | 2026-06-17 | N/A | 6.4 MEDIUM |
| The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-5276 | 1 Fortra | 1 Filecatalyst Workflow | 2026-06-17 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier. | |||||
| CVE-2024-5171 | 1 Aomedia | 1 Libaom | 2026-06-17 | N/A | 9.8 CRITICAL |
| Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. | |||||
| CVE-2024-5138 | 1 Canonical | 1 Snapd | 2026-06-17 | N/A | 8.1 HIGH |
| The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. | |||||
| CVE-2024-58044 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 8.4 HIGH |
| Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-57960 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.7 HIGH |
| Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56437 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.7 MEDIUM |
| Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-56321 | 1 Thoughtworks | 1 Gocd | 2026-06-17 | N/A | 3.8 LOW |
| GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available. | |||||
| CVE-2024-56190 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56135 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2026-06-17 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56134 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2026-06-17 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56133 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2026-06-17 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56132 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2026-06-17 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||