Total: 4403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50353 | 1 Iowacomputergurus | 1 Aspnetcore.utilities.cloudstorage | 2026-06-17 | N/A | 5.3 MEDIUM |
| ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer or shorter than desired. Users who have not implemented SAS Uris are unaffected. This issue was resolved in version 8.0.0 of the library. | |||||
| CVE-2024-4988 | | | 2026-06-17 | N/A | 7.5 HIGH |
| The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. | |||||
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2026-06-17 | N/A | 5.4 MEDIUM |
| A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them. | |||||
| CVE-2024-4225 | | | 2026-06-17 | N/A | 7.6 HIGH |
| Multiple security vulnerabilities have been discovered in the web interface of the NetGuardian DIN Remote Telemetry Unit (RTU) by DPS Telecom. Attackers can exploit these security vulnerabilities to perform critical actions such as escalating a user's privileges, stealing a user's credentials, Cross Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). | |||||
| CVE-2024-4198 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 2.7 LOW |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests. | |||||
| CVE-2024-4195 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 2.7 LOW |
| Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests. | |||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | |||||
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2026-06-17 | N/A | 7.8 HIGH |
| Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | |||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.3 HIGH |
| WmsRepair Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2026-06-17 | N/A | 8.4 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 8.2 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2026-06-17 | N/A | 7.1 HIGH |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | |||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2026-06-17 | N/A | 6.7 MEDIUM |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-48955 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus. The return of this call is not encrypted, and as the system does not validate the session authorization, an attacker can copy the content from the browser of a user with greater privileges, gaining access to the functionalities of the user from whom the code was copied. | |||||
| CVE-2024-48932 | 1 Zimaspace | 1 Zimaos | 2026-06-17 | N/A | 5.3 MEDIUM |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available. | |||||
| CVE-2024-48925 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | N/A |
| Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. | |||||
| CVE-2024-48912 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-48905 | 1 Sematell | 1 Replyone | 2026-06-17 | N/A | 9.1 CRITICAL |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | |||||
| CVE-2024-48899 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. | |||||
| CVE-2024-48010 | 1 Dell | 1 Data Domain Operating System | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. | |||||
