Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0014 | 2026-06-17 | N/A | 7.3 HIGH | ||
| Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-9947 | 1 Properfraction | 1 Profilepress | 2026-06-17 | N/A | 8.1 HIGH |
| The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | |||||
| CVE-2024-9858 | 1 Google | 1 Migrate To Containers | 2026-06-17 | N/A | 7.8 HIGH |
| There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | |||||
| CVE-2024-9845 | 1 Ivanti | 1 Automation | 2026-06-17 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-9191 | 1 Okta | 1 Verify | 2026-06-17 | N/A | 7.1 HIGH |
| The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. | |||||
| CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2026-06-17 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-8533 | 1 Rockwellautomation | 6 2800c Optixpanel Compact, 2800c Optixpanel Compact Firmware, 2800s Optixpanel Standard and 3 more | 2026-06-17 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | |||||
| CVE-2024-8496 | 1 Ivanti | 1 Workspace Control | 2026-06-17 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-8037 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 6.5 MEDIUM |
| Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | |||||
| CVE-2024-7587 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32. | |||||
| CVE-2024-7525 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-06-17 | N/A | 8.1 HIGH |
| It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
| CVE-2024-6974 | 1 Catonetworks | 1 Cato Client | 2026-06-17 | N/A | 8.8 HIGH |
| Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34. | |||||
| CVE-2024-6640 | 2026-06-17 | N/A | 6.3 MEDIUM | ||
| In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. | |||||
| CVE-2024-6476 | 2026-06-17 | N/A | 4.2 MEDIUM | ||
| Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-6326 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2026-06-17 | N/A | 5.5 MEDIUM |
| An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders when they are temporarily copied to an interim folder. This vulnerability is due to the lack of explicit permissions set on the backup folder. If private keys are obtained by a malicious user, they could impersonate resources on the secured network. | |||||
| CVE-2024-6325 | 1 Rockwellautomation | 1 Factorytalk Policy Manager | 2026-06-17 | N/A | 6.5 MEDIUM |
| The v6.40 release of Rockwell Automation FactoryTalk® Policy Manager CVE-2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html by implementing CIP security and did not update to the versions of the software CVE-2022-1161 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html and CVE-2022-1161. https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1585.html | |||||
| CVE-2024-6238 | 1 Pgadmin | 1 Pgadmin 4 | 2026-06-17 | N/A | 7.4 HIGH |
| pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms. | |||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2026-06-17 | N/A | 8.8 HIGH |
| Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | |||||
| CVE-2024-6122 | 1 Ni | 2 Flexlogger, Systemlink | 2026-06-17 | N/A | 5.5 MEDIUM |
| An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service. | |||||
| CVE-2024-5967 | 2026-06-17 | N/A | 2.7 LOW | ||
| A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain. | |||||