Total: 4438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31846 | 1 Italtel | 1 Embrace | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2024-31805 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. | |||||
| CVE-2024-31759 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | |||||
| CVE-2024-31503 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. | |||||
| CVE-2024-31320 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-30481 | 1 Jch Optimize Project | 1 Jch Optimize | 2026-06-17 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.0.0. | |||||
| CVE-2024-30418 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-30261 | 2 Fedoraproject, Nodejs | 2 Fedora, Undici | 2026-06-17 | N/A | 2.6 LOW |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1. | |||||
| CVE-2024-30211 | | | 2026-06-17 | N/A | 6.0 MEDIUM |
| Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2026-06-17 | N/A | 4.1 MEDIUM |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2026-06-17 | N/A | 4.1 MEDIUM |
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | |||||
| CVE-2024-30059 | 1 Microsoft | 1 Intune Mobile Application Management | 2026-06-17 | N/A | 6.1 MEDIUM |
| Microsoft Intune for Android Mobile Application Management Tampering Vulnerability | |||||
| CVE-2024-2880 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 2.7 LOW |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members. | |||||
| CVE-2024-2749 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine & Pms | 2026-06-17 | N/A | 5.9 MEDIUM |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations. | |||||
| CVE-2024-2481 | 1 Surya2developer | 1 Hostel Management System | 2026-06-17 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-2447 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 6.5 MEDIUM |
| Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action. | |||||
| CVE-2024-2315 | 1 Ami | 1 Aptio V | 2026-06-17 | N/A | 7.1 HIGH |
| APTIOV contains a vulnerability in BIOS where a local attacker may cause Improper Access Control. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. | |||||
| CVE-2024-2281 | 1 Boyiddha | 1 Automated-mess-management-system | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-2217 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2026-06-17 | N/A | 7.5 HIGH |
| gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | |||||
