Total: 2925 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1156 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | |||||
| CVE-2024-1155 | 1 Emerson | 8 Data Record Ad, Flexlogger, G Web Development Software and 5 more | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-13947 | | | 2026-06-17 | N/A | 6.0 MEDIUM |
| Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | |||||
| CVE-2024-13302 | 1 Ciandt | 1 Pages Restriction Access | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing. This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | |||||
| CVE-2024-13291 | 1 Basic Http Authentication Project | 1 Basic Http Authentication | 2026-06-17 | N/A | 7.3 HIGH |
| Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing. This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | |||||
| CVE-2024-13290 | 1 Ohdear | 1 Ohdear Integration | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing. This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | |||||
| CVE-2024-13282 | 1 Block Permissions Project | 1 Block Permissions | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing. This issue affects Block permissions: from 1.0.0 before 1.2.0. | |||||
| CVE-2024-13281 | 1 Monster Menus Project | 1 Monster Menus | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2. | |||||
| CVE-2024-13278 | 1 Diff Project | 1 Diff | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0. | |||||
| CVE-2024-13277 | 1 Smart Ip Ban Project | 1 Smart Ip Ban | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | |||||
| CVE-2024-13271 | 1 Content Entity Clone Project | 1 Content Entity Clone | 2026-06-17 | N/A | 4.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | |||||
| CVE-2024-13270 | 1 Freelinking Project | 1 Freelinking | 2026-06-17 | N/A | 4.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1. | |||||
| CVE-2024-13266 | 1 Responsive And Off-canvas Menu Project | 1 Responsive And Off-canvas Menu | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | |||||
| CVE-2024-13258 | 1 Rest & Json Api Authentication Project | 1 Rest & Json Api Authentication | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | |||||
| CVE-2024-13257 | 1 Commerce View Receipt Project | 1 Commerce View Receipt | 2026-06-17 | N/A | 5.3 MEDIUM |
| Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | |||||
| CVE-2024-13253 | 1 Advanced Pwa Inc Push Notifications Project | 1 Advanced Pwa Inc Push Notifications | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | |||||
| CVE-2024-12862 | | | 2026-06-17 | N/A | N/A |
| Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4. | |||||
| CVE-2024-12831 | 1 Arista | 1 Ng Firewall | 2026-06-17 | N/A | 7.8 HIGH |
| Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. | |||||
| CVE-2024-12539 | 1 Elastic | 1 Elasticsearch | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. | |||||
| CVE-2024-12247 | 1 Mattermost | 1 Mattermost Server | 2026-06-17 | N/A | 4.6 MEDIUM |
| Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. | |||||
