Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5759 | 1 Tenable | 1 Security Center | 2026-06-17 | N/A | 5.4 MEDIUM |
| An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges | |||||
| CVE-2024-5566 | 1 Github | 1 Enterprise Server | 2026-06-17 | N/A | 5.8 MEDIUM |
| An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6, 3.11.12, 3.10.14, and 3.9.17. | |||||
| CVE-2024-5525 | 1 Codester | 1 Astrotalks | 2026-06-17 | N/A | 8.3 HIGH |
| Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions. | |||||
| CVE-2024-5009 | 1 Progress | 1 Whatsup Gold | 2026-06-17 | N/A | 8.4 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | |||||
| CVE-2024-58104 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.3 HIGH |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-57778 | 2026-06-17 | N/A | 8.8 HIGH | ||
| An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. | |||||
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | |||||
| CVE-2024-57062 | 1 Soundcloud | 1 Soundcloud | 2026-06-17 | N/A | 6.7 MEDIUM |
| An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. | |||||
| CVE-2024-56447 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.8 HIGH |
| Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56335 | 1 Dani-garcia | 1 Vaultwarden | 2026-06-17 | N/A | 7.6 HIGH |
| vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server. | |||||
| CVE-2024-55954 | 2026-06-17 | N/A | 8.7 HIGH | ||
| OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an "Admin" user from removing a "Root" user. As a result, an attacker with an "Admin" role can remove critical "Root" users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-55949 | 2026-06-17 | N/A | N/A | ||
| MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately. | |||||
| CVE-2024-55632 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-55631 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.8 HIGH |
| An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-54560 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission. | |||||
| CVE-2024-53706 | 2026-06-17 | N/A | 7.8 HIGH | ||
| A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | |||||
| CVE-2024-53350 | 1 Kubeslice | 1 Kubeslice | 2026-06-17 | N/A | 7.4 HIGH |
| Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges. | |||||
| CVE-2024-53349 | 1 Linuxfoundation | 1 Kuadrant | 2026-06-17 | N/A | 7.4 HIGH |
| Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster | |||||
| CVE-2024-52926 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. | |||||
| CVE-2024-52516 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 3.0 LOW |
| Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | |||||