Vulnerabilities (CVE)

Filtered by CWE-284
Total 4440 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23351 1 Qualcomm 188 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 185 more 2026-06-17 N/A 8.4 HIGH
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
CVE-2024-23331 2 Microsoft, Vitejs 2 Windows, Vite 2026-06-17 N/A 7.5 HIGH
Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.
CVE-2024-23315 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 7.5 HIGH
A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-23271 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-06-17 N/A 6.5 MEDIUM
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
CVE-2024-23267 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.
CVE-2024-23266 1 Apple 1 Macos 2026-06-17 N/A 5.5 MEDIUM
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.
CVE-2024-23238 1 Apple 1 Macos 2026-06-17 N/A 3.3 LOW
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.
CVE-2024-22811 1 Tormach 2 Pathpilot Controller, Xstech Cnc Router 2026-06-17 N/A 8.2 HIGH
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory.
CVE-2024-22807 1 Tormach 2 Pathpilot Controller, Xstech Cnc Router 2026-06-17 N/A 6.5 MEDIUM
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption.
CVE-2024-22459 1 Dell 1 Elastic Cloud Storage 2026-06-17 N/A 6.8 MEDIUM
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
CVE-2024-22407 1 Shopware 1 Shopware 2026-06-17 N/A 4.9 MEDIUM
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
CVE-2024-22234 1 Vmware 1 Spring Security 2026-06-17 N/A 7.4 HIGH
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html  or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
CVE-2024-22216 1 Microchip 1 Maxview Storage Manager 2026-06-17 N/A 10.0 CRITICAL
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).
CVE-2024-22209 1 Edx 1 Edx-platform 2026-06-17 N/A 6.4 MEDIUM
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
CVE-2024-22206 1 Clerk 1 Javascript 2026-06-17 N/A 9.0 CRITICAL
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
CVE-2024-22202 1 Phpmyfaq 1 Phpmyfaq 2026-06-17 N/A 5.7 MEDIUM
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.
CVE-2024-22187 1 Automationdirect 12 P1-540, P1-540 Firmware, P1-550 and 9 more 2026-06-17 N/A 9.1 CRITICAL
A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker can send an unauthenticated packet to trigger this vulnerability.
CVE-2024-22074 1 Dynamsoft 1 Dynamsoft Service 2026-06-17 N/A 9.8 CRITICAL
Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.
CVE-2024-22067 1 Zte 2 Nh8091, Nh8091 Firmware 2026-06-17 N/A 6.8 MEDIUM
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.
CVE-2024-22026 1 Ivanti 1 Endpoint Manager Mobile 2026-06-17 N/A 6.7 MEDIUM
A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance.