Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46740 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An authenticated user without user administrative permissions could change the administrator Account Name. | |||||
| CVE-2025-46708 | 3 Google, Imaginationtech, Linux | 3 Android, Ddk, Linux Kernel | 2026-06-17 | N/A | 4.3 MEDIUM |
| Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU. | |||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.8 HIGH |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-46066 | 1 Automai | 1 Director | 2026-06-17 | N/A | 9.9 CRITICAL |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges | |||||
| CVE-2025-45376 | 1 Dell | 1 Repository Manager | 2026-06-17 | N/A | 7.5 HIGH |
| Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-43527 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges. | |||||
| CVE-2025-3931 | 2026-06-17 | N/A | 7.8 HIGH | ||
| A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | |||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 8.8 HIGH |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.8 HIGH |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-30453 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-29826 | 1 Microsoft | 1 Dataverse | 2026-06-17 | N/A | 7.3 HIGH |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-27521 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 6.8 MEDIUM |
| Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-27025 | 2026-06-17 | N/A | 8.8 HIGH | ||
| The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method. | |||||
| CVE-2025-27024 | 1 Nokia | 2 G42, G42 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. | |||||
| CVE-2025-25179 | 1 Imaginationtech | 1 Ddk | 2026-06-17 | N/A | 7.8 HIGH |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | |||||
| CVE-2025-24029 | 1 Enalean | 1 Tuleap | 2026-06-17 | N/A | 5.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-22395 | 1 Dell | 1 Update Package Framework | 2026-06-17 | N/A | 8.2 HIGH |
| Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | |||||
| CVE-2025-22256 | 1 Fortinet | 2 Fortipam, Fortisra | 2026-06-17 | N/A | 6.3 MEDIUM |
| A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests | |||||
| CVE-2025-22129 | 1 Enalean | 1 Tuleap | 2026-06-17 | N/A | 4.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-20649 | 2 Mediatek, Openwrt | 11 Mt6880, Mt6890, Mt6980 and 8 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184. | |||||