Total
4436 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36505 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 5.1 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system. | |||||
| CVE-2024-36492 | 1 Mattermost | 1 Mattermost | 2026-06-17 | N/A | 7.4 HIGH |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels, which allows a malicious remote to overwrite an existing local user. | |||||
| CVE-2024-36488 | 1 Intel | 1 Driver & Support Assistant | 2026-06-17 | N/A | 7.3 HIGH |
| Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-36443 | | | 2026-06-17 | N/A | 7.6 HIGH |
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | |||||
| CVE-2024-36441 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker to use a port-2101 TCP connection to gain access to operation messages that are received by the device. | |||||
| CVE-2024-36438 | | | 2026-06-17 | N/A | 7.3 HIGH |
| eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. | |||||
| CVE-2024-36399 | 1 Kanboard | 1 Kanboard | 2026-06-17 | N/A | 8.2 HIGH |
| Kanboard is project management software that focuses on the Kanban methodology. The vulnerability is in app/Controller/ProjectPermissionController.php function addUser(). The user's permission to add users to a project only gets checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The user's permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37. | |||||
| CVE-2024-36323 | | | 2026-06-17 | N/A | N/A |
| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned to a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | |||||
| CVE-2024-36293 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-36261 | 1 Intel | 1 Raid Web Console | 2026-06-17 | N/A | 3.5 LOW |
| Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-36259 | 1 Odoo | 1 Odoo | 2026-06-17 | N/A | 7.5 HIGH |
| Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack. | |||||
| CVE-2024-36257 | 1 Mattermost | 1 Mattermost | 2026-06-17 | N/A | 2.7 LOW |
| Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile picture of a user is the remote that actually has the user as a local one. This allows a malicious remote A to change the profile images of users that belong to another remote server C that is connected to the server A. | |||||
| CVE-2024-36247 | 1 Intel | 1 Raid Web Console | 2026-06-17 | N/A | 4.6 MEDIUM |
| Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-36241 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 3.1 LOW |
| Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls, which allows a user to view arbitrary post contents via the /playbook add slash command. | |||||
| CVE-2024-36080 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network. | |||||
| CVE-2024-36068 | 1 Rubrik | 1 Cloud Data Management | 2026-06-17 | N/A | 9.8 CRITICAL |
| An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. | |||||
| CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2026-06-17 | N/A | 8.1 HIGH |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. | |||||
| CVE-2024-35396 | 1 Totolink | 2 Cp900l, Cp900l Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. | |||||
| CVE-2024-35222 | | | 2026-06-17 | N/A | 5.9 MEDIUM |
| Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the `dangerousRemoteDomainIpcAccess` in v1 and in the `capabilities` in v2. Valid commands with potentially unwanted consequences ("delete project", "transfer credits", etc.) could be invoked by an attacker that controls the content of an iframe running inside a Tauri app. This vulnerability has been patched in versions 1.6.7 and 2.0.0-beta.19. | |||||
| CVE-2024-35177 | 1 Wazuh | 1 Wazuh | 2026-06-17 | N/A | 7.8 HIGH |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLLs that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g., C:\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLL that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
