Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33966 | 1 Deno | 2 Deno, Deno Runtime | 2026-06-17 | N/A | 8.6 HIGH |
| Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue. | |||||
| CVE-2023-33745 | 1 Teleadapt | 2 Roomcast Ta-2400, Roomcast Ta-2400 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). | |||||
| CVE-2023-33291 | 1 Ebankit | 1 Ebankit | 2026-06-17 | N/A | 7.4 HIGH |
| In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.) | |||||
| CVE-2023-33282 | 1 Marvalglobal | 1 Msm | 2026-06-17 | N/A | 9.8 CRITICAL |
| Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to login and create a valid session. This makes it possible to make backend calls to endpoints in the application. | |||||
| CVE-2023-33240 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | |||||
| CVE-2023-32999 | 1 Jenkins | 1 Appspider | 2026-06-17 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials. | |||||
| CVE-2023-32996 | 1 Jenkins | 1 Saml Single Sign-on | 2026-06-17 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails. | |||||
| CVE-2023-32698 | 1 Goreleaser | 1 Nfpm | 2026-06-17 | N/A | 7.1 HIGH |
| nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders. | |||||
| CVE-2023-32663 | 1 Intel | 1 Realsense Software Development Kit | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32638 | 1 Intel | 1 Arc Rgb Controller | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32547 | 2 Intel, Topconpositioning | 2 Falcon 8\+, Mavinci Desktop | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32543 | 1 Intel | 1 Intelligent Test System | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. | |||||
| CVE-2023-32407 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. | |||||
| CVE-2023-32405 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges. | |||||
| CVE-2023-32404 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences. | |||||
| CVE-2023-32399 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information. | |||||
| CVE-2023-32351 | 1 Apple | 1 Itunes | 2026-06-17 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges. | |||||
| CVE-2023-32221 | 1 Easeus | 1 Todo Backup | 2026-06-17 | N/A | 8.8 HIGH |
| EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation. | |||||
| CVE-2023-32183 | 1 Opensuse | 1 Tumbleweed | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed. | |||||