Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50657 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method | |||||
| CVE-2024-50590 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both service binaries are user writable. This means that a local attacker can rename one of the service binaries, replace the service executable with a new executable, and then restart the system. Once the system has rebooted, the new service binary is executed as "NT AUTHORITY\SYSTEM". | |||||
| CVE-2024-4763 | 2026-06-17 | N/A | 7.8 HIGH | ||
| An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. | |||||
| CVE-2024-4679 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04. | |||||
| CVE-2024-4229 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify. | |||||
| CVE-2024-4226 | 1 Octopus | 1 Octopus Server | 2026-06-17 | N/A | 3.5 LOW |
| It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed. | |||||
| CVE-2024-4030 | 2026-06-17 | N/A | 7.1 HIGH | ||
| On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | |||||
| CVE-2024-49744 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-49737 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49735 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49732 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49724 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.0 HIGH |
| In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-49504 | 2026-06-17 | N/A | N/A | ||
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. | |||||
| CVE-2024-49389 | 1 Acronis | 1 Cyber Files | 2026-06-17 | N/A | 7.8 HIGH |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | |||||
| CVE-2024-49202 | 2026-06-17 | N/A | 7.6 HIGH | ||
| Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | |||||
| CVE-2024-48823 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. | |||||
| CVE-2024-48822 | 2026-06-17 | N/A | 8.8 HIGH | ||
| Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | |||||
| CVE-2024-48572 | 1 Aquila-cms | 1 Aquilacms | 2026-06-17 | N/A | 5.3 MEDIUM |
| A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against email addresses to find duplicate entries. | |||||
| CVE-2024-48533 | 1 Esoftplanner | 1 Esoft Planner | 2026-06-17 | N/A | 5.3 MEDIUM |
| A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. | |||||
| CVE-2024-48293 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | |||||