Total
4201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35775 | 2026-06-17 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6. | |||||
| CVE-2024-35670 | 1 Softlabbd | 1 Integrate Google Drive | 2026-06-17 | N/A | 5.3 MEDIUM |
| Broken Authentication vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.93. | |||||
| CVE-2024-35248 | 1 Microsoft | 1 Dynamics 365 Business Central | 2026-06-17 | N/A | 7.3 HIGH |
| Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | |||||
| CVE-2024-35184 | 2026-06-17 | N/A | 5.5 MEDIUM | ||
| Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue. | |||||
| CVE-2024-34788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-06-17 | N/A | 6.5 MEDIUM |
| An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information | |||||
| CVE-2024-34596 | 1 Samsung | 1 Smartthings | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. | |||||
| CVE-2024-34399 | 1 Bmc | 1 Remedy Mid-tier | 2026-06-17 | N/A | 9.8 CRITICAL |
| **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only. | |||||
| CVE-2024-34340 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2026-06-17 | N/A | 9.1 CRITICAL |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue. | |||||
| CVE-2024-34103 | 1 Adobe | 3 Commerce, Commerce Webhooks, Magento | 2026-06-17 | N/A | 8.1 HIGH |
| Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction, but attack complexity is high. | |||||
| CVE-2024-34093 | 1 Archerirm | 1 Archer | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | |||||
| CVE-2024-33110 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | |||||
| CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | |||||
| CVE-2024-30939 | 1 Yealink | 1 Vp59 Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. | |||||
| CVE-2024-30299 | 1 Adobe | 1 Framemaker Publishing Server | 2026-06-17 | N/A | 10.0 CRITICAL |
| Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-2862 | 1 Lg | 1 Lg Led Assistant | 2026-06-17 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. | |||||
| CVE-2024-2450 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 8.8 HIGH |
| Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions. | |||||
| CVE-2024-2112 | 1 10web | 1 Form Maker | 2026-06-17 | N/A | 5.9 MEDIUM |
| The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive data including user signatures. | |||||
| CVE-2024-29849 | 1 Veeam | 1 Veeam Backup \& Replication | 2026-06-17 | N/A | 9.8 CRITICAL |
| Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. | |||||
| CVE-2024-29837 | 1 Cs-technologies | 1 Evolution | 2026-06-17 | N/A | 8.8 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. | |||||
| CVE-2024-29757 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.3 HIGH |
| there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
