Total
4417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28877 | 1 Vtex | 1 Apps-graphql | 2026-06-17 | N/A | 7.5 HIGH |
| The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.) | |||||
| CVE-2023-28844 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 5.7 MEDIUM |
| Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28715 | 1 Intel | 1 Oneapi | 2026-06-17 | N/A | 5.0 MEDIUM |
| Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-28714 | 2 Intel, Microsoft | 2 Proset\/wireless Wifi, Windows | 2026-06-17 | N/A | 8.2 HIGH |
| Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28645 | 1 Nextcloud | 1 Richdocuments | 2026-06-17 | N/A | 5.7 MEDIUM |
| Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. | |||||
| CVE-2023-28531 | 2 Netapp, Openbsd | 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. | |||||
| CVE-2023-28443 | 1 Monospace | 1 Directus | 2026-06-17 | N/A | 4.2 MEDIUM |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. | |||||
| CVE-2023-28372 | 1 Purestorage | 1 Purity | 2026-06-17 | N/A | 6.5 MEDIUM |
| A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | |||||
| CVE-2023-28312 | 1 Microsoft | 1 Azure Machine Learning | 2026-06-17 | N/A | 6.5 MEDIUM |
| Azure Machine Learning Information Disclosure Vulnerability | |||||
| CVE-2023-28300 | 1 Microsoft | 1 Azure Service Connector | 2026-06-17 | N/A | 7.5 HIGH |
| Azure Service Connector Security Feature Bypass Vulnerability | |||||
| CVE-2023-28246 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Registry Elevation of Privilege Vulnerability | |||||
| CVE-2023-28197 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 3.3 LOW |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | |||||
| CVE-2023-28070 | 1 Dell | 1 Alienware Command Center | 2026-06-17 | N/A | 6.7 MEDIUM |
| Alienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation. | |||||
| CVE-2023-28066 | 1 Dell | 1 Os Recovery Tool | 2026-06-17 | N/A | 7.3 HIGH |
| Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system. | |||||
| CVE-2023-27875 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. | |||||
| CVE-2023-27517 | 1 Intel | 16 Nma1xxd128gpsu4, Nma1xxd128gpsuf, Nma1xxd256gpsu4 and 13 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27350 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2026-06-17 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | |||||
| CVE-2023-27303 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 3.8 LOW |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2023-27301 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 4.2 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-27268 | 1 Sap | 1 Netweaver Application Server For Java | 2026-06-17 | N/A | 5.3 MEDIUM |
| SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges. | |||||
