Total
4404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44210 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 3.3 LOW |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | |||||
| CVE-2024-43813 | 1 Mattermost | 1 Mattermost | 2026-06-17 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | |||||
| CVE-2024-43780 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 4.3 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.0, 9.8.x <= 9.8.2 fail to enforce permissions which allows a guest user with read access to upload files to a channel. | |||||
| CVE-2024-43717 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 4.3 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-43716 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 4.3 MEDIUM |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-43600 | 1 Microsoft | 1 Office | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2026-06-17 | N/A | 7.3 HIGH |
| Microsoft System Center Elevation of Privilege Vulnerability | |||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2026-06-17 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | |||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2026-06-17 | N/A | 4.8 MEDIUM |
| Windows Remote Desktop Services Tampering Vulnerability | |||||
| CVE-2024-43409 | 1 Ghost | 1 Ghost | 2026-06-17 | N/A | 6.5 MEDIUM |
| Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | |||||
| CVE-2024-43397 | 1 Apolloconfig | 1 Apollo | 2026-06-17 | N/A | 4.3 MEDIUM |
| Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0. | |||||
| CVE-2024-43377 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | 5.4 MEDIUM |
| Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. | |||||
| CVE-2024-43101 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-43031 | 1 Autman | 1 Autman | 2026-06-17 | N/A | 4.3 MEDIUM |
| autMan v2.9.6 was discovered to contain an access control issue. | |||||
| CVE-2024-42988 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+. | |||||
