Total
890 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22914 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-06-17 | N/A | 4.3 MEDIUM |
| An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation. | |||||
| CVE-2026-22908 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | |||||
| CVE-2026-22907 | 1 Sick | 2 Tdc-x401gl, Tdc-x401gl Firmware | 2026-06-17 | N/A | 9.9 CRITICAL |
| An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. | |||||
| CVE-2026-22337 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4. | |||||
| CVE-2026-22315 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | |||||
| CVE-2026-22268 | 1 Dell | 1 Powerprotect Data Manager | 2026-06-17 | N/A | 6.3 MEDIUM |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection. | |||||
| CVE-2026-22267 | 1 Dell | 1 Powerprotect Data Manager | 2026-06-17 | N/A | 8.1 HIGH |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-22069 | 2026-06-17 | N/A | 7.3 HIGH | ||
| A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | |||||
| CVE-2026-21425 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-20852 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-06-17 | N/A | 7.7 HIGH |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | |||||
| CVE-2026-20804 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-06-17 | N/A | 7.7 HIGH |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | |||||
| CVE-2026-20110 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations. | |||||
| CVE-2026-1964 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component. | |||||
| CVE-2026-1963 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d. Upgrading the affected component is advised. | |||||
| CVE-2026-1962 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component. | |||||
| CVE-2026-1898 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able to mitigate this issue. Patch name: 146905a459106b5d00b4f09453a6554255e6965a. You should upgrade the affected component. | |||||
| CVE-2026-1896 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the component Migration Operation Handler. The manipulation of the argument boardId leads to improper access controls. The attack is possible to be carried out remotely. Upgrading to version 8.21 addresses this issue. The identifier of the patch is cc35dafef57ef6e44a514a523f9a8d891e74ad8f. Upgrading the affected component is advised. | |||||
| CVE-2026-1895 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to address this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770fb9. It is recommended to upgrade the affected component. | |||||
| CVE-2026-1894 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. The patch is named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading the affected component is recommended. | |||||
| CVE-2026-1892 | 1 Wekan Project | 1 Wekan | 2026-06-17 | 4.6 MEDIUM | 5.0 MEDIUM |
| A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. Upgrading to version 8.21 mitigates this issue. The name of the patch is cabfeed9a68e21c469bf206d8655941444b9912c. It is suggested to upgrade the affected component. | |||||