Total
676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57618 | 1 Monetdb | 1 Monetdb | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | |||||
| CVE-2024-57493 | 1 Redox-os | 1 Redox | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function. | |||||
| CVE-2024-56757 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. | |||||
| CVE-2024-55553 | 2026-06-17 | N/A | 7.5 HIGH | ||
| In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. | |||||
| CVE-2024-51179 | 1 Open5gs | 1 Open5gs | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU) session establishment process. | |||||
| CVE-2024-4791 | 2026-06-17 | 7.8 HIGH | 7.5 HIGH | ||
| A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4292 | 2026-06-17 | 6.1 MEDIUM | 6.5 MEDIUM | ||
| A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-4013 | 2026-06-17 | N/A | 5.6 MEDIUM | ||
| A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection List (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme was changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#. | |||||
| CVE-2024-47972 | 2026-06-17 | N/A | 4.0 MEDIUM | ||
| Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. | |||||
| CVE-2024-47213 | 1 Snowplow | 1 Enrich | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered affecting Enrich 5.1.0 and below. It involves sending a maliciously crafted Snowplow event to the pipeline. Upon receiving this event and trying to validate it, Enrich crashes and attempts to restart indefinitely. As a result, event processing would be halted. | |||||
| CVE-2024-46752 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory). | |||||
| CVE-2024-45182 | 2 Microsoft, Wibu | 2 Windows, Wibukey | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service. | |||||
| CVE-2024-44201 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iPadOS 17.7.3, macOS Sequoia 15.1, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. Processing a malicious crafted file may lead to a denial-of-service. | |||||
| CVE-2024-3764 | 2026-06-17 | 3.3 LOW | 2.7 LOW | ||
| ** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 5.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-260604. NOTE: The vendor explains that a malicious actor would have to crack TLS first or use a legitimate login to initiate the attack. | |||||
| CVE-2024-3652 | 1 Libreswan | 1 Libreswan | 2026-06-17 | N/A | 6.5 MEDIUM |
| The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. | |||||
| CVE-2024-39721 | 1 Ollama | 1 Ollama | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random, which is blocking, causing the goroutine to run infinitely (even after the HTTP request is aborted by the client). | |||||
| CVE-2024-38271 | 1 Google | 1 Nearby | 2026-06-17 | N/A | 4.8 MEDIUM |
| There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above | |||||
| CVE-2024-36856 | 2026-06-17 | N/A | 7.5 HIGH | ||
| RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a vast number of long-lived malicious publish/subscribe sessions. | |||||
| CVE-2024-33844 | 1 Parrot | 1 Anafi Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | |||||
| CVE-2024-31611 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 9.1 CRITICAL |
| SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | |||||