Total: 1481 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39347 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. | |||||
| CVE-2024-38499 | | | 2026-06-17 | N/A | 8.8 HIGH |
| CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non-admin user to access the critical encryption keys, which further enables exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | |||||
| CVE-2024-38459 | 1 Langchain | 1 Langchain-experimental | 2026-06-17 | N/A | 7.8 HIGH |
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444. | |||||
| CVE-2024-38222 | 1 Microsoft | 1 Edge | 2026-06-17 | N/A | 6.5 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-37038 | 1 Schneider-electric | 7 Sage 1410, Sage 1430, Sage 1450 and 4 more | 2026-06-17 | N/A | 7.5 HIGH |
| CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. | |||||
| CVE-2024-36541 | 1 Kube-logging | 1 Logging-operator | 2026-06-17 | N/A | 8.8 HIGH |
| Insecure permissions in logging-operator v4.6.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-36495 | | | 2026-06-17 | N/A | 7.7 HIGH |
| The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to. Path to file: C:\ProgramData\WINSelect\WINSelect.wsd. The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd | |||||
| CVE-2024-36339 | | | 2026-06-17 | N/A | 7.3 HIGH |
| A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2024-36063 | | | 2026-06-17 | N/A | 7.5 HIGH |
| The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component. | |||||
| CVE-2024-35287 | 1 Mitel | 1 Micollab | 2026-06-17 | N/A | 6.7 MEDIUM |
| A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | |||||
| CVE-2024-35201 | 2 Intel, Microsoft | 2 Server Debug And Provisioning Tool, Windows | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. | |||||
| CVE-2024-35139 | 1 Ibm | 1 Security Access Manager | 2026-06-17 | N/A | 6.2 MEDIUM |
| IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. | |||||
| CVE-2024-34730 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34679 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. | |||||
| CVE-2024-34661 | 1 Samsung | 1 Assistant | 2026-06-17 | N/A | 4.3 MEDIUM |
| Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-34648 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.1 MEDIUM |
| Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | |||||
| CVE-2024-34617 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | |||||
| CVE-2024-34616 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.1 MEDIUM |
| Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | |||||
| CVE-2024-34474 | | | 2026-06-17 | N/A | 7.8 HIGH |
| Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM. | |||||
| CVE-2024-34455 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2. | |||||
