Total
4417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36820 | 1 Objectcomputing | 1 Micronaut Security | 2026-06-17 | N/A | 4.8 MEDIUM |
| Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. | |||||
| CVE-2023-36790 | 1 Microsoft | 1 Windows Server 2008 | 2026-06-17 | N/A | 7.8 HIGH |
| Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36725 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-36722 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2026-06-17 | N/A | 4.4 MEDIUM |
| Active Directory Domain Services Information Disclosure Vulnerability | |||||
| CVE-2023-36644 | 1 Itb-pim | 1 Tradepro | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | |||||
| CVE-2023-36643 | 1 Itb-pim | 1 Tradepro | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | |||||
| CVE-2023-36620 | 1 Nationaledtech | 1 Boomerang | 2026-06-17 | N/A | 4.6 MEDIUM |
| An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | |||||
| CVE-2023-36561 | 1 Microsoft | 1 Azure Devops Server | 2026-06-17 | N/A | 7.3 HIGH |
| Azure DevOps Server Elevation of Privilege Vulnerability | |||||
| CVE-2023-36554 | 1 Fortinet | 1 Fortimanager | 2026-06-17 | N/A | 8.1 HIGH |
| A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | |||||
| CVE-2023-36404 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-36106 | 1 Powerjob | 1 Powerjob | 2026-06-17 | N/A | 7.5 HIGH |
| An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. | |||||
| CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.1 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. | |||||
| CVE-2023-35179 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 7.2 HIGH |
| A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. | |||||
| CVE-2023-35167 | 1 Remult | 1 Remult | 2026-06-17 | N/A | 5.0 MEDIUM |
| Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. | |||||
| CVE-2023-35121 | 1 Intel | 16 Advisor, Cluster Checker, Distribution For Python and 13 more | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-35062 | 1 Intel | 1 Driver \& Support Assistant | 2026-06-17 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-34404 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2026-06-17 | N/A | 4.9 MEDIUM |
| Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability. | |||||
| CVE-2023-34403 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2026-06-17 | N/A | 4.9 MEDIUM |
| Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and access it though backup on USB. | |||||
| CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue. | |||||
| CVE-2023-34106 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. | |||||
