Total: 4361 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-46889 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-46816 | | | 2026-06-17 | N/A | 9.4 CRITICAL |
| goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not check the `-c` CLI option, thus allowing anyone to execute arbitrary commands through the use of websockets. Version 1.0.5 fixes the issue. | |||||
| CVE-2025-46691 | 1 Dell | 1 Premiercolor | 2026-06-17 | N/A | 7.8 HIGH |
| Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2025-46635 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2026-06-17 | N/A | 7.1 HIGH |
| An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. | |||||
| CVE-2025-46629 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet. | |||||
| CVE-2025-46628 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. | |||||
| CVE-2025-46619 | 2 Couchbase, Microsoft | 2 Couchbase Server, Windows | 2026-06-17 | N/A | 7.6 HIGH |
| A security issue has been discovered in Couchbase Server before 7.6.4 and fixed in v.7.6.4 and v.7.2.7 for Windows that could allow unauthorized access to sensitive files. Depending on the level of privileges, this vulnerability may grant access to files such as /etc/passwd or /etc/shadow. | |||||
| CVE-2025-46608 | 1 Dell | 1 Data Lakehouse | 2026-06-17 | N/A | 9.1 CRITICAL |
| Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity. | |||||
| CVE-2025-46589 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.4 MEDIUM |
| Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2025-46588 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 4.4 MEDIUM |
| Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
| CVE-2025-46566 | 1 Dataease | 1 Dataease | 2026-06-17 | N/A | 9.8 CRITICAL |
| DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link. This issue has been patched in version 2.10.9. | |||||
| CVE-2025-46552 | | | 2026-06-17 | N/A | N/A |
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | |||||
| CVE-2025-46391 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| CWE-284: Improper Access Control | |||||
| CVE-2025-46362 | 1 Dell | 1 Alienware Command Center | 2026-06-17 | N/A | 6.6 MEDIUM |
| Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. | |||||
| CVE-2025-46331 | 1 Openfga | 2 Helm Charts, Openfga | 2026-06-17 | N/A | 9.8 CRITICAL |
| OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 (Helm chart <= openfga-0.2.28, docker <= v.1.8.10) are vulnerable to authorization bypass when certain Check and ListObject calls are executed. This issue has been patched in version 1.8.11. | |||||
| CVE-2025-46315 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | |||||
| CVE-2025-46308 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 5.3 MEDIUM |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information. | |||||
| CVE-2025-46307 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |||||
| CVE-2025-46299 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2026-06-17 | N/A | 4.3 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may disclose internal states of the app. | |||||
