Total
4417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-41732 | 1 Sap | 1 Netweaver Application Server Abap | 2026-06-17 | N/A | 4.7 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | |||||
| CVE-2024-41703 | 1 Librechat | 1 Librechat | 2026-06-17 | N/A | 9.8 CRITICAL |
| LibreChat through 0.7.4-rc1 has incorrect access control for message updates. | |||||
| CVE-2024-41605 | 2026-06-17 | N/A | 8.4 HIGH | ||
| In Foxit PDF Reader before 2024.3, and PDF Editor before 2024.3 and 13.x before 13.1.4, an attacker can replace an update file with a Trojan horse via side loading, because the update service lacks integrity validation for the updater. Attacker-controlled code may thus be executed. | |||||
| CVE-2024-41600 | 1 Talelin | 1 Lin-cms-spring-boot | 2026-06-17 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. | |||||
| CVE-2024-41518 | 1 Mecodia | 1 Feripro | 2026-06-17 | N/A | 7.5 HIGH |
| An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations and participants. | |||||
| CVE-2024-41332 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories. | |||||
| CVE-2024-41309 | 1 Enjayworld | 1 Enjay Crm | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | |||||
| CVE-2024-41308 | 1 Enjayworld | 1 Enjay Crm | 2026-06-17 | N/A | 7.8 HIGH |
| An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. | |||||
| CVE-2024-41252 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration. | |||||
| CVE-2024-41251 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 6.5 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. | |||||
| CVE-2024-41250 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. | |||||
| CVE-2024-41249 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. | |||||
| CVE-2024-41248 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. | |||||
| CVE-2024-41247 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. | |||||
| CVE-2024-41246 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. | |||||
| CVE-2024-41245 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. | |||||
| CVE-2024-41244 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. | |||||
| CVE-2024-41243 | 1 Lopalopa | 1 Responsive School Management System | 2026-06-17 | N/A | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. | |||||
| CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 4.1 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | |||||
| CVE-2024-41144 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 5.5 MEDIUM |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled, which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels | |||||
