Total: 4416 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49600 | 1 Dell | 1 Power Manager | 2026-06-17 | N/A | 7.8 HIGH |
| Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | |||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.3 HIGH |
| WmsRepair Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2026-06-17 | N/A | 8.4 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2024-49068 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 8.2 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2026-06-17 | N/A | 7.1 HIGH |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | |||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2026-06-17 | N/A | 6.7 MEDIUM |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-48955 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Broken access control in NetAdmin 4.030319: the endpoint that "assembles" the functionality menus returns data describing the functionalities. The response of this call is not encrypted, and because the system does not validate the session authorization, an attacker can copy the browser content of a user with greater privileges and gain access to the functionalities of the user from whom it was copied. | |||||
| CVE-2024-48932 | 1 Zimaspace | 1 Zimaos | 2026-06-17 | N/A | 5.3 MEDIUM |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available. | |||||
| CVE-2024-48925 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | N/A |
| Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. | |||||
| CVE-2024-48912 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-48905 | 1 Sematell | 1 Replyone | 2026-06-17 | N/A | 9.1 CRITICAL |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | |||||
| CVE-2024-48899 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. | |||||
| CVE-2024-48010 | 1 Dell | 1 Data Domain Operating System | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of privilege on the application. | |||||
| CVE-2024-47976 | | | 2026-06-17 | N/A | 6.7 MEDIUM |
| Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | |||||
| CVE-2024-47975 | | | 2026-06-17 | N/A | 7.0 HIGH |
| Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | |||||
| CVE-2024-47910 | | | 2026-06-17 | N/A | 7.2 HIGH |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | |||||
| CVE-2024-47760 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-47758 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | |||||
| CVE-2024-47481 | 1 Dell | 1 Data Lakehouse | 2026-06-17 | N/A | 6.5 MEDIUM |
| Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Denial of service. | |||||
| CVE-2024-47145 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 3.1 LOW |
| Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | |||||
