Total: 2287 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40404 | 1 Cybelesoft | 1 Thinfinity Workspace | 2026-06-17 | N/A | 9.8 CRITICAL |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. | |||||
| CVE-2024-40091 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. | |||||
| CVE-2024-40087 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2026-06-17 | N/A | 9.6 CRITICAL |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
| CVE-2024-3777 | 1 Ai3 | 1 Qbibot | 2026-06-17 | N/A | 9.8 CRITICAL |
| The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | |||||
| CVE-2024-3774 | 1 Aenrich | 1 A\+hrd | 2026-06-17 | N/A | 5.3 MEDIUM |
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | |||||
| CVE-2024-3701 | 1 Tecno | 1 Hios | 2026-06-17 | N/A | 9.8 CRITICAL |
| The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | |||||
| CVE-2024-3661 | 9 Apple, Cisco, Citrix and 6 more | 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more | 2026-06-17 | N/A | 7.6 HIGH |
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | |||||
| CVE-2024-3281 | 1 Hp | 6 Poly Ccx 350, Poly Ccx 400, Poly Ccx 500 and 3 more | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | |||||
| CVE-2024-3279 | 1 Mintplexlabs | 1 Anythingllm | 2026-06-17 | N/A | 9.1 CRITICAL |
| An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation. | |||||
| CVE-2024-3219 | | | 2026-06-17 | N/A | N/A |
| The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | |||||
| CVE-2024-39773 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2024-39707 | | | 2026-06-17 | N/A | 5.3 MEDIUM |
| Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version 05.46.19; kernel 5.5, version 05.54.19; kernel 5.6, version 05.61.19. | |||||
| CVE-2024-39608 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 10.0 CRITICAL |
| A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | |||||
| CVE-2024-39601 | | | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities. | |||||
| CVE-2024-39364 | | | 2026-06-17 | N/A | 6.3 MEDIUM |
| Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands. | |||||
| CVE-2024-39300 | 1 Elecom | 2 Wab-i1750-ps, Wab-i1750-ps Firmware | 2026-06-17 | N/A | 3.7 LOW |
| Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | |||||
| CVE-2024-39273 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2026-06-17 | N/A | 9.0 CRITICAL |
| A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2024-38643 | 1 Qnap | 1 Notes Station 3 | 2026-06-17 | N/A | 9.8 CRITICAL |
| A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later. | |||||
| CVE-2024-38437 | 1 Dlink | 2 Dsl-225, Dsl-225 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel | |||||
| CVE-2024-38279 | 1 Motorola | 2 Vigilant Fixed Lpr Coms Box, Vigilant Fixed Lpr Coms Box Firmware | 2026-06-17 | N/A | 4.6 MEDIUM |
| The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. | |||||
