Total
4403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47976 | | | 2026-06-17 | N/A | 6.7 MEDIUM |
| Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | |||||
| CVE-2024-47975 | | | 2026-06-17 | N/A | 7.0 HIGH |
| Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | |||||
| CVE-2024-47910 | | | 2026-06-17 | N/A | 7.2 HIGH |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | |||||
| CVE-2024-47760 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-47481 | 1 Dell | 1 Data Lakehouse | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. | |||||
| CVE-2024-47145 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 3.1 LOW |
| Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | |||||
| CVE-2024-46990 | 1 Monospace | 1 Directus | 2026-06-17 | N/A | 5.0 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter, a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range, which will block access to any `127.X.X.X` IP instead of just `127.0.0.1`. | |||||
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2026-06-17 | N/A | 4.3 MEDIUM |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | |||||
| CVE-2024-46916 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2026-06-17 | N/A | 8.1 HIGH |
| Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition. | |||||
| CVE-2024-46627 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | |||||
| CVE-2024-46610 | 1 Thecosy | 1 Icecms | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java. | |||||
| CVE-2024-46609 | 1 Thecosy | 1 Icecms | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and return all user information, including passwords. | |||||
| CVE-2024-46607 | 1 Thecosy | 1 Icecms | 2026-06-17 | N/A | 7.6 HIGH |
| Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | |||||
| CVE-2024-46539 | | | 2026-06-17 | N/A | 8.2 HIGH |
| Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | |||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | |||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. | |||||
| CVE-2024-46412 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location. | |||||
| CVE-2024-46280 | | | 2026-06-17 | N/A | 8.8 HIGH |
| PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them. | |||||
| CVE-2024-46097 | 1 Testlink | 1 Testlink | 2026-06-17 | N/A | 8.1 HIGH |
| TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges. | |||||
