Total
11557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28240 | 1 Glpi-project | 1 Glpi Agent | 2026-06-17 | N/A | 7.3 HIGH |
| The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications. | |||||
| CVE-2024-28226 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 8.1 HIGH |
| in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input. | |||||
| CVE-2024-28127 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-28103 | 1 Rubyonrails | 1 Rails | 2026-06-17 | N/A | 5.4 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | |||||
| CVE-2024-28049 | 1 Intel | 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||
| CVE-2024-28047 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2024-28028 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-27932 | 1 Deno | 1 Deno | 2026-06-17 | N/A | 4.6 MEDIUM |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue | |||||
| CVE-2024-27931 | 1 Deno | 1 Deno | 2026-06-17 | N/A | 5.8 MEDIUM |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1. | |||||
| CVE-2024-27896 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | |||||
| CVE-2024-27805 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data. | |||||
| CVE-2024-27613 | 1 Numbas | 1 Editor | 2026-06-17 | N/A | 7.3 HIGH |
| Numbas editor before 7.3 mishandles reading of themes and extensions. | |||||
| CVE-2024-27612 | 1 Numbas | 1 Editor | 2026-06-17 | N/A | 6.2 MEDIUM |
| Numbas editor before 7.3 mishandles editing of themes and extensions. | |||||
| CVE-2024-27447 | 1 Pretix | 1 Pretix | 2026-06-17 | N/A | 9.8 CRITICAL |
| pretix before 2024.1.1 mishandles file validation. | |||||
| CVE-2024-27386 | 1 Samsung | 4 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite. | |||||
| CVE-2024-27385 | 1 Samsung | 4 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite. | |||||
| CVE-2024-27378 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2026-06-17 | N/A | 6.0 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | |||||
| CVE-2024-27366 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2026-06-17 | N/A | 4.4 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read. | |||||
| CVE-2024-27254 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813. | |||||
| CVE-2024-27241 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Workplace and 2 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
