Total
4417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27088 | 1 Feiqu-opensource Project | 1 Feiqu-opensource | 2026-06-17 | N/A | 8.8 HIGH |
| feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will. | |||||
| CVE-2023-26770 | 1 Taskcafe Project | 1 Taskcafe | 2026-06-17 | N/A | 9.8 CRITICAL |
| TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | |||||
| CVE-2023-26596 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 2.5 LOW |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26585 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 5.0 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-26460 | 1 Sap | 1 Netweaver Application Server For Java | 2026-06-17 | N/A | 5.3 MEDIUM |
| Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity | |||||
| CVE-2023-26360 | 1 Adobe | 1 Coldfusion | 2026-06-17 | N/A | 8.6 HIGH |
| Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-25777 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 7.9 HIGH |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25595 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2026-06-17 | N/A | 5.5 MEDIUM |
| A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment. | |||||
| CVE-2023-25174 | 1 Intel | 1 Chipset Device Software | 2026-06-17 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel(R) Chipset Driver Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-25073 | 1 Intel | 1 Driver \& Support Assistant | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper access control in some Intel(R) DSA software before version 23.4.33 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-24905 | 1 Microsoft | 5 Windows 10 20h2, Windows 10 21h2, Windows 10 22h2 and 2 more | 2026-06-17 | N/A | 7.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2023-24688 | 1 Mojoportal | 1 Mojoportal | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | |||||
| CVE-2023-24544 | 1 Buffalo | 24 Bs-gs2008, Bs-gs2008 Firmware, Bs-gs2008p and 21 more | 2026-06-17 | N/A | 8.1 HIGH |
| Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier | |||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2026-06-17 | N/A | 6.3 MEDIUM |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24468 | 1 Microfocus | 1 Netiq Advanced Authentication | 2026-06-17 | N/A | 9.8 CRITICAL |
| Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 | |||||
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | |||||
| CVE-2023-24320 | 1 Axcora | 1 Axcora | 2026-06-17 | N/A | 9.8 CRITICAL |
| An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2023-24215 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | |||||
| CVE-2023-24058 | 1 Twinkletoessoftware | 1 Booked | 2026-06-17 | N/A | 4.3 MEDIUM |
| Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected. | |||||
| CVE-2023-24028 | 1 Misp-project | 1 Misp | 2026-06-17 | N/A | 9.8 CRITICAL |
| In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | |||||
