Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46462 | 2026-06-17 | N/A | 7.8 HIGH | ||
| By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability. | |||||
| CVE-2024-46054 | 1 Davidguva | 1 Openvidreview | 2026-06-17 | N/A | 9.8 CRITICAL |
| OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. | |||||
| CVE-2024-45819 | 1 Xen | 1 Xen | 2026-06-17 | N/A | 5.5 MEDIUM |
| PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | |||||
| CVE-2024-45690 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 7.5 HIGH |
| A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. | |||||
| CVE-2024-45494 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions. | |||||
| CVE-2024-45067 | 2026-06-17 | N/A | 8.2 HIGH | ||
| Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-44786 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | |||||
| CVE-2024-44760 | 1 Sunmochina | 1 Enterprise Management System | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. | |||||
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2026-06-17 | N/A | 7.5 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | |||||
| CVE-2024-44224 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileges. | |||||
| CVE-2024-44151 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-44135 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7. An app may be able to access protected files within an App Sandbox container. | |||||
| CVE-2024-44100 | 1 Google | 32 Android, Pixel, Pixel 2 and 29 more | 2026-06-17 | N/A | 7.5 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545. | |||||
| CVE-2024-43791 | 1 Steveklabnik | 1 Request Store | 2026-06-17 | N/A | 7.8 HIGH |
| RequestStore provides per-request global storage for Rack. The files published as part of request_store 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of this being exploited are very low, given that the vast majority of users will have upgraded, and those that have not, if any, are not likely to be exposed. | |||||
| CVE-2024-43769 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43765 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-43430 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 5.3 MEDIUM |
| A flaw was found in moodle. External API access to Quiz can override contained insufficient access control. | |||||
| CVE-2024-43166 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue. | |||||
| CVE-2024-43114 | 1 Jetbrains | 1 Teamcity | 2026-06-17 | N/A | 7.5 HIGH |
| In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | |||||
| CVE-2024-43089 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||