Total
4418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43594 | 1 Microsoft | 3 System Center 2019, System Center 2022, System Center 2025 | 2026-06-17 | N/A | 7.3 HIGH |
| Microsoft System Center Elevation of Privilege Vulnerability | |||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43492 | 1 Microsoft | 1 Autoupdate | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||
| CVE-2024-43479 | 1 Microsoft | 1 Power Automate | 2026-06-17 | N/A | 8.5 HIGH |
| Microsoft Power Automate Desktop Remote Code Execution Vulnerability | |||||
| CVE-2024-43477 | 1 Microsoft | 1 Entra Id | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. | |||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2026-06-17 | N/A | 4.8 MEDIUM |
| Windows Remote Desktop Services Tampering Vulnerability | |||||
| CVE-2024-43409 | 1 Ghost | 1 Ghost | 2026-06-17 | N/A | 6.5 MEDIUM |
| Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. | |||||
| CVE-2024-43397 | 1 Apolloconfig | 1 Apollo | 2026-06-17 | N/A | 4.3 MEDIUM |
| Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0. | |||||
| CVE-2024-43377 | 1 Umbraco | 1 Umbraco Cms | 2026-06-17 | N/A | 5.4 MEDIUM |
| Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. | |||||
| CVE-2024-43101 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-43031 | 1 Autman | 1 Autman | 2026-06-17 | N/A | 4.3 MEDIUM |
| autMan v2.9.6 was discovered to contain an access control issue. | |||||
| CVE-2024-42988 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+. | |||||
| CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2024-42919 | 1 Escanav | 1 Escan Management Console | 2026-06-17 | N/A | 9.8 CRITICAL |
| eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | |||||
| CVE-2024-42797 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | |||||
| CVE-2024-42796 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 5.9 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | |||||
| CVE-2024-42795 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 4.2 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | |||||
| CVE-2024-42794 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 4.7 MEDIUM |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | |||||
