Total
2609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27094 | 1 Opengoofy | 1 Hippo4j | 2026-06-17 | N/A | 8.8 HIGH |
| An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. | |||||
| CVE-2023-26604 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2026-06-17 | N/A | 7.8 HIGH |
| systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | |||||
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | |||||
| CVE-2023-26540 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | |||||
| CVE-2023-26475 | 1 Xwiki | 1 Xwiki | 2026-06-17 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. | |||||
| CVE-2023-26246 | 1 Hyundai | 2 Gen5w L, Gen5w L Firmware | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | |||||
| CVE-2023-26245 | 1 Hyundai | 2 Gen5w L, Gen5w L Firmware | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | |||||
| CVE-2023-26244 | 1 Hyundai | 2 Gen5w L, Gen5w L Firmware | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | |||||
| CVE-2023-26243 | 1 Hyundai | 2 Gen5w L, Gen5w L Firmware | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi. | |||||
| CVE-2023-26236 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | |||||
| CVE-2023-26062 | 1 Nokia | 1 Web Element Manager | 2026-06-17 | N/A | 7.0 HIGH |
| A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of mobile network solution architecture. This means that exploit is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network. | |||||
| CVE-2023-26009 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | |||||
| CVE-2023-25834 | 1 Esri | 1 Portal For Arcgis | 2026-06-17 | N/A | 5.4 MEDIUM |
| Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | |||||
| CVE-2023-25701 | 1 Watchtowerhq | 1 Watchtower | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | |||||
| CVE-2023-25590 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | |||||
| CVE-2023-25535 | 1 Dell | 1 Supportassist For Home Pcs | 2026-06-17 | N/A | 7.2 HIGH |
| Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 used for initial installation has a high vulnerability that can result in local privilege escalation (LPE). This vulnerability only affects first-time installations done prior to 8th March 2023 | |||||
| CVE-2023-25521 | 1 Nvidia | 4 Dgx A100, Dgx A100 Firmware, Dgx A800 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | |||||
| CVE-2023-25188 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2026-06-17 | N/A | 5.1 MEDIUM |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell (which is by default disabled) allows unauthenticated access from the mobile network solution internal BTS management network to the BTS embedded Linux operating-system level. | |||||
| CVE-2023-25185 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2026-06-17 | N/A | 3.8 LOW |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia Single RAN software releases. Certain software processes in the BTS internal software design have unnecessarily high privileges to BTS embedded operating system (OS) resources. | |||||
| CVE-2023-25149 | 1 Timescale | 1 Timescaledb | 2026-06-17 | N/A | 8.8 HIGH |
| TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. | |||||