Total
4381 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14867 | 1 Odoo | 1 Odoo | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | |||||
| CVE-2018-14864 | 1 Odoo | 1 Odoo | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment. | |||||
| CVE-2018-14863 | 1 Odoo | 1 Odoo | 2026-06-17 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. | |||||
| CVE-2018-14859 | 1 Odoo | 1 Odoo | 2026-06-17 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token. | |||||
| CVE-2018-14833 | 1 Intuit | 1 Lacerte | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Intuit Lacerte 2017 has Incorrect Access Control. | |||||
| CVE-2018-13896 | 1 Qualcomm | 72 Mdm9206, Mdm9206 Firmware, Mdm9607 and 69 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-13895 | 1 Qualcomm | 74 Mdm9150, Mdm9150 Firmware, Mdm9206 and 71 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access to phone in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 | |||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| Cloudera Manager through 5.15 has Incorrect Access Control. | |||||
| CVE-2018-10691 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. | |||||
| CVE-2017-8340 | 1 Open-xchange | 1 Open-xchange Appsuite | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-7497 | 1 Redhat | 1 Cloudforms Management Engine | 2026-06-17 | 4.0 MEDIUM | 4.1 MEDIUM |
| The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. | |||||
| CVE-2017-6912 | 1 Open-xchange | 1 Open-xchange Appsuite | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5863 | 1 Open-xchange | 1 Open-xchange Appsuite | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||
| CVE-2017-5212 | 1 Open-xchange | 1 Open-xchange Appsuite | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | |||||
| CVE-2017-20233 | 2026-06-17 | N/A | 5.4 MEDIUM | ||
| Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall. | |||||
| CVE-2017-20199 | 1 Buttercup | 1 Buttercup | 2026-06-17 | 2.6 LOW | 3.1 LOW |
| A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-18543 | 1 Invite Anyone Project | 1 Invite Anyone | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | |||||
| CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 4.9 MEDIUM | 4.4 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||||
| CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 2.1 LOW | 3.3 LOW |
| cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2026-06-17 | 3.6 LOW | 5.5 MEDIUM |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||