Vulnerabilities (CVE)

Filtered by CWE-276
Total 1480 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43086 1 Google 1 Android 2026-06-17 N/A 5.5 MEDIUM
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43085 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43081 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-42681 1 Xuxueli 1 Xxl-job 2026-06-17 N/A 8.8 HIGH
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVE-2024-42419 2026-06-17 N/A 6.7 MEDIUM
Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-42188 1 Hcltech 1 Connections 2026-06-17 N/A 3.7 LOW
HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
CVE-2024-42053 1 Splashtop 1 Streamer 2026-06-17 N/A 7.8 HIGH
The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.
CVE-2024-42028 2026-06-17 N/A 8.8 HIGH
A local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
CVE-2024-40805 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-17 N/A 7.1 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.
CVE-2024-40792 1 Apple 1 Macos 2026-06-17 N/A 3.3 LOW
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
CVE-2024-40661 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40660 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40655 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-40654 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-40514 1 Themesbrand 1 Chatvia 2026-06-17 N/A 4.6 MEDIUM
Insecure Permissions vulnerability in Themesbrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.
CVE-2024-3904 2026-06-17 N/A 8.8 HIGH
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
CVE-2024-3779 1 Eset 8 Endpoint Antivirus, Endpoint Security, Internet Security and 5 more 2026-06-17 N/A 6.1 MEDIUM
A denial of service vulnerability, present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met.
CVE-2024-39924 1 Dani-garcia 1 Vaultwarden 2026-06-17 N/A 8.8 HIGH
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.
CVE-2024-39544 1 Juniper 1 Junos Os Evolved 2026-06-17 N/A 5.0 MEDIUM
An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user to access sensitive information, compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO.
CVE-2024-39347 1 Synology 1 Router Manager 2026-06-17 N/A 5.9 MEDIUM
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.