Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39302 | 2026-06-17 | N/A | 3.7 LOW | ||
| BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7. | |||||
| CVE-2024-39206 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key. | |||||
| CVE-2024-38830 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2026-06-17 | N/A | 7.8 HIGH |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | |||||
| CVE-2024-38818 | 2026-06-17 | N/A | 6.7 MEDIUM | ||
| VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. | |||||
| CVE-2024-38775 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6. | |||||
| CVE-2024-38770 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | |||||
| CVE-2024-38499 | 2026-06-17 | N/A | 8.8 HIGH | ||
| CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | |||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2026-06-17 | N/A | 9.1 CRITICAL |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||
| CVE-2024-38014 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-37980 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| Microsoft SQL Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-37952 | 1 Themeenergy | 1 Book Your Travel | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17. | |||||
| CVE-2024-37858 | 1 Oretnom23 | 1 Lost And Found Information System | 2026-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | |||||
| CVE-2024-37726 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe | |||||
| CVE-2024-37665 | 1 Wvp-pro | 1 Gb28181 | 2026-06-17 | N/A | 8.8 HIGH |
| An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. | |||||
| CVE-2024-37560 | 2026-06-17 | N/A | 8.0 HIGH | ||
| Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | |||||
| CVE-2024-37484 | 1 Zephyr-one | 1 Zephyr Project Manager | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97. | |||||
| CVE-2024-37455 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. | |||||
| CVE-2024-37364 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS. | |||||
| CVE-2024-37133 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | |||||
| CVE-2024-37126 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.7 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. | |||||