Total
11538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36047 | 1 Infoblox | 1 Nios | 2026-06-17 | N/A | 9.8 CRITICAL |
| Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. | |||||
| CVE-2024-35384 | 1 Cesanta | 1 Mjs | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file. | |||||
| CVE-2024-35296 | 1 Apache | 1 Traffic Server | 2026-06-17 | N/A | 8.2 HIGH |
| Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | |||||
| CVE-2024-35227 | 1 Discourse | 1 Discourse | 2026-06-17 | N/A | 7.5 HIGH |
| Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, Oneboxing against a carefully crafted malicious URL can reduce the availability of a Discourse instance. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. There are no known workarounds available for this vulnerability. | |||||
| CVE-2024-35212 | 1 Siemens | 1 Sinec Traffic Analyzer | 2026-06-17 | N/A | 6.2 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries. | |||||
| CVE-2024-34693 | 1 Apache | 1 Superset | 2026-06-17 | N/A | 6.8 MEDIUM |
| Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0 Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue. | |||||
| CVE-2024-34545 | 1 Intel | 1 Raid Web Console | 2026-06-17 | N/A | 5.2 MEDIUM |
| Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-34473 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. | |||||
| CVE-2024-34365 | 1 Apache | 1 Karaf Cave | 2026-06-17 | N/A | 9.1 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-34163 | 1 Intel | 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more | 2026-06-17 | N/A | 7.5 HIGH |
| Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access. | |||||
| CVE-2024-34118 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-06-17 | N/A | 5.5 MEDIUM |
| Illustrator versions 28.5, 27.9.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service condition. An attacker could exploit this vulnerability to render the application unresponsive or terminate its execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34109 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2026-06-17 | N/A | 7.2 HIGH |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required. | |||||
| CVE-2024-34108 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2026-06-17 | N/A | 9.1 CRITICAL |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but admin privileges are required and scope is changed. | |||||
| CVE-2024-34098 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-06-17 | N/A | 7.8 HIGH |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34009 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 7.5 HIGH |
| Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | |||||
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 9.8 CRITICAL |
| The referrer URL used by MFA required additional sanitizing, rather than being used directly. | |||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.2 MEDIUM |
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
| CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
| CVE-2024-33700 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. | |||||
| CVE-2024-33659 | 1 Ami | 1 Aptio V | 2026-06-17 | N/A | 8.8 HIGH |
| AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability. | |||||
