Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40802 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | |||||
| CVE-2024-40781 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A local attacker may be able to elevate their privileges. | |||||
| CVE-2024-40662 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40658 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40657 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40462 | 1 Ocuco | 1 Innovation | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component | |||||
| CVE-2024-40461 | 1 Ocuco | 1 Innovation | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component | |||||
| CVE-2024-40460 | 1 Ocuco | 1 Innovation | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE | |||||
| CVE-2024-40459 | 1 Ocuco | 1 Innovation | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function | |||||
| CVE-2024-40458 | 1 Ocuco | 1 Innovation | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. | |||||
| CVE-2024-3828 | | | 2026-06-17 | N/A | 8.8 HIGH |
| The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts. | |||||
| CVE-2024-3507 | | | 2026-06-17 | N/A | 7.7 HIGH |
| Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information. | |||||
| CVE-2024-3470 | 1 Github | 1 Enterprise Server | 2026-06-17 | N/A | 5.9 MEDIUM |
| An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-3325 | 1 Cloud | 1 Jasperreports Server | 2026-06-17 | N/A | 7.2 HIGH |
| Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. | |||||
| CVE-2024-3137 | | | 2026-06-17 | N/A | 7.1 HIGH |
| Improper Privilege Management in uvdesk/community-skeleton | |||||
| CVE-2024-3057 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | |||||
| CVE-2024-39634 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation. This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14. | |||||
| CVE-2024-39633 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation. This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0. | |||||
| CVE-2024-39574 | 1 Dell | 1 Insightiq | 2026-06-17 | N/A | 6.7 MEDIUM |
| Dell PowerScale InsightIQ, version 5.1, contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | |||||
| CVE-2024-39342 | | | 2026-06-17 | N/A | 6.6 MEDIUM |
| Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from "WebAPI.cfg.xml" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host. | |||||
