Vulnerabilities (CVE)

Filtered by CWE-284
Total 4417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36820 1 Objectcomputing 1 Micronaut Security 2026-06-17 N/A 4.8 MEDIUM
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token auth is not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.
CVE-2023-36790 1 Microsoft 1 Windows Server 2008 2026-06-17 N/A 7.8 HIGH
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
CVE-2023-36725 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2026-06-17 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36722 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2026-06-17 N/A 4.4 MEDIUM
Active Directory Domain Services Information Disclosure Vulnerability
CVE-2023-36644 1 Itb-pim 1 Tradepro 2026-06-17 N/A 7.5 HIGH
Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.
CVE-2023-36643 1 Itb-pim 1 Tradepro 2026-06-17 N/A 7.5 HIGH
Incorrect Access Control in ITB-GmbH TradePro v9.5 allows remote attackers to receive all orders from the online shop via the oordershow component in the customer function.
CVE-2023-36620 1 Nationaledtech 1 Boomerang 2026-06-17 N/A 4.6 MEDIUM
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.
CVE-2023-36561 1 Microsoft 1 Azure Devops Server 2026-06-17 N/A 7.3 HIGH
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36554 1 Fortinet 1 Fortimanager 2026-06-17 N/A 8.1 HIGH
An improper access control vulnerability in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
CVE-2023-36404 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-06-17 N/A 5.5 MEDIUM
Windows Kernel Information Disclosure Vulnerability
CVE-2023-36106 1 Powerjob 1 Powerjob 2026-06-17 N/A 7.5 HIGH
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the appId parameter to the /container/list query interface.
CVE-2023-35939 1 Glpi-project 1 Glpi 2026-06-17 N/A 8.1 HIGH
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not, for certain actions) allows a threat actor to interact with, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.
CVE-2023-35179 1 Solarwinds 1 Serv-u 2026-06-17 N/A 7.2 HIGH
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 
CVE-2023-35167 1 Remult 1 Remult 2026-06-17 N/A 5.0 MEDIUM
Remult is a CRUD framework for full-stack TypeScript. If you used the `apiPrefilter` option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance they are not authorized to access can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.
CVE-2023-35121 1 Intel 16 Advisor, Cluster Checker, Distribution For Python and 13 more 2026-06-17 N/A 7.8 HIGH
Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-35062 1 Intel 1 Driver & Support Assistant 2026-06-17 N/A 6.3 MEDIUM
Improper access control in some Intel(R) DSA software before version 23.4.33 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-34404 1 Mercedes-benz 1 Headunit Ntg6 Mercedes-benz User Experience 2026-06-17 N/A 4.9 MEDIUM
Mercedes-Benz head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and get access to the internal network. As a result, by accessing a specific port, an attacker can send call requests to all registered services in the router and achieve command injection.
CVE-2023-34403 1 Mercedes-benz 1 Headunit Ntg6 Mercedes-benz User Experience 2026-06-17 N/A 4.9 MEDIUM
Mercedes-Benz head-unit NTG6 has Ethernet pins on the Base Board to connect the CSB module. An attacker can connect to these pins and get access to the internal network. A race condition can be achieved, and the attacker can spoof “UserData” with a desired file path and access it through backup on USB.
CVE-2023-34107 1 Glpi-project 1 Glpi 2026-06-17 N/A 6.5 MEDIUM
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue.
CVE-2023-34106 1 Glpi-project 1 Glpi 2026-06-17 N/A 6.5 MEDIUM
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.