Total
9151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20805 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-20800 | 1 Gitea | 1 Gitea | 2026-06-17 | N/A | 6.5 MEDIUM |
| Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications. | |||||
| CVE-2026-20730 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2026-06-17 | N/A | 3.3 LOW |
| A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2026-20682 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-17 | N/A | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes. | |||||
| CVE-2026-20681 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | |||||
| CVE-2026-20680 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 6.5 MEDIUM |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data. | |||||
| CVE-2026-20678 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-17 | N/A | 5.5 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-20674 | 1 Apple | 2 Ipados, Iphone Os | 2026-06-17 | N/A | 4.6 MEDIUM |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2026-20662 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 4.6 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2026-20648 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. | |||||
| CVE-2026-20647 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-20641 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-17 | N/A | 7.1 HIGH |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed. | |||||
| CVE-2026-20623 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | |||||
| CVE-2026-20619 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-20612 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | |||||
| CVE-2026-20606 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 7.1 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2026-20166 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 5.4 MEDIUM |
| In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve the Observability Cloud API access token through the Discover Splunk Observability Cloud app due to improper access control. This vulnerability does not affect Splunk Enterprise versions below 9.4.9 and 9.3.10 because the Discover Splunk Observability Cloud app does not come with Splunk Enterprise. | |||||
| CVE-2026-20164 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 6.5 MEDIUM |
| In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the "admin" or "power" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials. | |||||
| CVE-2026-20141 | 1 Splunk | 1 Splunk | 2026-06-17 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console). | |||||
| CVE-2026-20137 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 3.5 LOW |
| In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below 10.1.2507.0, 10.0.2503.9, 9.3.2411.112, and 9.3.2408.122, a low-privileged user who does not hold the "admin" or "power" Splunk roles could bypass the SPL safeguards for risky commands when they create a Data Model that contains an injected SPL query within an object. They can bypass the safeguards by exploiting a path traversal vulnerability. | |||||