Total: 2371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42462 | 1 Upkeeper | 1 Upkeeper Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass. This issue affects upKeeper Manager: through 5.1.9. | |||||
| CVE-2024-42456 | 1 Veeam | 1 Veeam Backup & Replication | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | |||||
| CVE-2024-42455 | 1 Veeam | 1 Veeam Backup & Replication | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | |||||
| CVE-2024-42178 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 2.5 LOW |
| HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution. | |||||
| CVE-2024-42017 | | | 2026-06-17 | N/A | 10.0 CRITICAL |
| An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. | |||||
| CVE-2024-41988 | | | 2026-06-17 | N/A | N/A |
| TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. | |||||
| CVE-2024-41969 | | | 2026-06-17 | N/A | 8.8 HIGH |
| A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | |||||
| CVE-2024-41968 | | | 2026-06-17 | N/A | 5.4 MEDIUM |
| A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. | |||||
| CVE-2024-41967 | | | 2026-06-17 | N/A | 8.1 HIGH |
| A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | |||||
| CVE-2024-41793 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2026-06-17 | N/A | 8.6 HIGH |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices provides an endpoint that allows enabling the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device via ssh. | |||||
| CVE-2024-41791 | 1 Siemens | 2 7kt Pac1260 Data Manager, 7kt Pac1260 Data Manager Firmware | 2026-06-17 | N/A | 7.3 HIGH |
| A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not authenticate report creation requests. This could allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device or set the date and time. | |||||
| CVE-2024-40717 | 1 Veeam | 1 Veeam Backup & Replication | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. | |||||
| CVE-2024-40408 | 1 Cybelesoft | 1 Thinfinity Workspace | 2026-06-17 | N/A | 7.3 HIGH |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges. | |||||
| CVE-2024-40405 | 1 Cybelesoft | 1 Thinfinity Workspace | 2026-06-17 | N/A | 8.1 HIGH |
| Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. | |||||
| CVE-2024-40404 | 1 Cybelesoft | 1 Thinfinity Workspace | 2026-06-17 | N/A | 9.8 CRITICAL |
| Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. | |||||
| CVE-2024-40091 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. | |||||
| CVE-2024-40087 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2026-06-17 | N/A | 9.6 CRITICAL |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
| CVE-2024-3777 | 1 Ai3 | 1 Qbibot | 2026-06-17 | N/A | 9.8 CRITICAL |
| The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | |||||
| CVE-2024-3774 | 1 Aenrich | 1 A+hrd | 2026-06-17 | N/A | 5.3 MEDIUM |
| aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | |||||
| CVE-2024-3701 | 1 Tecno | 1 Hios | 2026-06-17 | N/A | 9.8 CRITICAL |
| The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | |||||
