Total
1479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5321 | | | 2026-06-17 | N/A | 6.1 MEDIUM |
| A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. | |||||
| CVE-2024-58050 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 6.2 MEDIUM |
| Vulnerability of improper access permission in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58049 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.0 MEDIUM |
| Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58047 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.0 MEDIUM |
| Permission verification vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58046 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 6.2 MEDIUM |
| Permission management vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58044 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 8.4 HIGH |
| Permission verification bypass vulnerability in the notification module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-57684 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | |||||
| CVE-2024-57604 | 1 Mayswind | 1 Ezbookkeeping | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. | |||||
| CVE-2024-57548 | 1 Cmsimple | 1 Cmsimple | 2026-06-17 | N/A | 9.1 CRITICAL |
| CMSimple 5.16 allows the user to edit log.php file via print page. | |||||
| CVE-2024-56525 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin. | |||||
| CVE-2024-56447 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.8 HIGH |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-56440 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-55959 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. | |||||
| CVE-2024-55957 | | | 2026-06-17 | N/A | 7.8 HIGH |
| In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems. | |||||
| CVE-2024-55950 | | | 2026-06-17 | N/A | N/A |
| Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds powerful permissions including camera, microphone access, and the ability to access personal folders (Downloads, Documents, etc.) through Apple Events, while also maintaining dangerous entitlements that enable code injection. The concerning entitlements are com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation. Since Tabby's plugins and themes are NodeJS-based without native libraries or frameworks, and no environment variables are used in the codebase, it is recommended to review and remove at least one of the entitlements (com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables) to prevent DYLD_INSERT_LIBRARIES injection while maintaining full application functionality. This vulnerability is fixed in 1.0.216. | |||||
| CVE-2024-55930 | 1 Xerox | 1 Workplace Suite | 2026-06-17 | N/A | 6.7 MEDIUM |
| Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files. | |||||
| CVE-2024-55398 | 1 4cstrategies | 1 Exonaut | 2026-06-17 | N/A | 6.5 MEDIUM |
| 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. | |||||
| CVE-2024-55225 | 1 Dani-garcia | 1 Vaultwarden | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. | |||||
| CVE-2024-55215 | 1 Jrohy | 1 Trojan | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | |||||
| CVE-2024-54751 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
