Total: 53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2026-06-17 | N/A | 6.7 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | |||||
| CVE-2024-45599 | | | 2026-06-17 | N/A | 3.8 LOW |
| Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib Injection using DYLD_INSERT_LIBRARIES environment variable. The usage of `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` allows an external dynamic library to be injected into the application using DYLD_INSERT_LIBRARIES environment variable. Moreover, the entitlement `com.apple.security.device.camera` allows the application to use the host camera and `com.apple.security.device.audio-input` allows the application to use the microphone. This means that untrusted code that is executed on the user's machine can access the camera or the microphone, if the user has already given permission for Cursor to do so. In version 0.41.0, the entitlements have been split by process: the main process gets the camera and microphone entitlements, but not the DyLib entitlements, whereas the extension host process gets the DyLib entitlements but not the camera or microphone entitlements. As a workaround, do not explicitly give Cursor the permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine. | |||||
| CVE-2024-42681 | 1 Xuxueli | 1 Xxl-job | 2026-06-17 | N/A | 8.8 HIGH |
| Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. | |||||
| CVE-2024-41601 | | | 2026-06-17 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. | |||||
| CVE-2024-39877 | 1 Apache | 1 Airflow | 2026-06-17 | N/A | 8.8 HIGH |
| Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability. | |||||
| CVE-2024-36691 | | | 2026-06-17 | N/A | 6.3 MEDIUM |
| Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticated attackers to arbitrarily modify users' account information. | |||||
| CVE-2024-36542 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-36540 | 1 External-secrets | 1 External Secrets Operator | 2026-06-17 | N/A | 9.8 CRITICAL |
| Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-36539 | 1 Projectcontour | 1 Contour | 2026-06-17 | N/A | 9.8 CRITICAL |
| Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | |||||
| CVE-2024-36294 | 1 Intel | 1 Driver & Support Assistant | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36276 | 1 Intel | 1 Computing Improvement Program | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34329 | | | 2026-06-17 | N/A | 8.4 HIGH |
| Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. | |||||
| CVE-2024-29417 | | | 2026-06-17 | N/A | 8.4 HIGH |
| Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. | |||||
| CVE-2024-27848 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 7.8 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges. | |||||
| CVE-2024-27847 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-27834 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | |||||
| CVE-2024-27825 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.1 HIGH |
| A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2024-27822 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An app may be able to gain root privileges. | |||||
| CVE-2024-25561 | 1 Intel | 19 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 16 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-23908 | 1 Intel | 1 Flexlm License Daemons For Intel Fpga | 2026-06-17 | N/A | 6.7 MEDIUM |
| Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
