Vulnerabilities (CVE)

Filtered by CWE-276
Total 1480 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-54751 2026-06-17 N/A 9.8 CRITICAL
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-54747 1 Wavlink 2 Wn531p3, Wn531p3 Firmware 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-54745 1 Wavlink 2 Wn701ae, Wn701ae Firmware 2026-06-17 N/A 9.8 CRITICAL
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVE-2024-54564 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2026-06-17 N/A 6.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, visionOS 1.3. A file received from AirDrop may not have the quarantine flag applied.
CVE-2024-54131 2026-06-17 N/A N/A
The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory. This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as those of the previous location. These incorrect default permissions, in conjunction with an omitted SystemDrive environment variable (when launcher starts osqueryd), allow a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3.
CVE-2024-53921 2 Microsoft, Samsung 2 Windows, Magician 2026-06-17 N/A 2.8 LOW
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.
CVE-2024-53841 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53840 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
There is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53835 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
There is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53351 1 Linuxfoundation 1 Pipecd 2026-06-17 N/A 9.8 CRITICAL
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
CVE-2024-52946 2026-06-17 N/A 8.8 HIGH
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value.
CVE-2024-52926 2026-06-17 N/A 6.5 MEDIUM
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.
CVE-2024-52867 2026-06-17 N/A 8.1 HIGH
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, and restart actions. Both 5ab3c4c and 5582241 are needed to resolve the vulnerability.
CVE-2024-52783 2026-06-17 N/A 5.1 MEDIUM
Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allow attackers to execute arbitrary code via modification of the configuration file.
CVE-2024-52551 1 Jenkins 1 Pipeline\ 2026-06-17 N/A 8.0 HIGH
Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved.
CVE-2024-51765 2026-06-17 N/A 5.5 MEDIUM
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-51764 2026-06-17 N/A 5.5 MEDIUM
A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.
CVE-2024-51440 2026-06-17 N/A 7.8 HIGH
An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component.
CVE-2024-51162 2026-06-17 N/A 8.8 HIGH
An issue in Audimex EE versions 15.1.20 and earlier allows a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility into password hashes of any user, ongoing audit data and more.
CVE-2024-51051 2026-06-17 N/A 9.8 CRITICAL
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.