Total: 2925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29766 | 1 Appcrossx | 1 Crossx | 2026-06-17 | N/A | 7.8 HIGH |
| An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of privileges via the database files. | |||||
| CVE-2023-29761 | 1 Urbanandroid | 1 Sleep | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-29759 | 1 Flightaware | 1 Flightaware | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files. | |||||
| CVE-2023-29758 | 1 Leap | 1 Blue Light Filter | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | |||||
| CVE-2023-29752 | 1 Ekatox | 1 Facemoji Emoji Keyboard | 2026-06-17 | N/A | 7.8 HIGH |
| An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | |||||
| CVE-2023-29708 | 1 Wavlink | 1 Wavrouter App | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via crafted payload. | |||||
| CVE-2023-29656 | 1 Darktrace | 1 Threat Visualizer | 2026-06-17 | N/A | 6.1 MEDIUM |
| An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions (block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where Darktrace agents are deployed. | |||||
| CVE-2023-29484 | 1 Terminalfour | 1 Terminalfour | 2026-06-17 | N/A | 6.5 MEDIUM |
| In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password. | |||||
| CVE-2023-29381 | 1 Zimbra | 1 Collaboration | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | |||||
| CVE-2023-29296 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29295 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29288 | 1 Adobe | 2 Commerce, Magento | 2026-06-17 | N/A | 4.3 MEDIUM |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user's data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2026-06-17 | N/A | 5.4 MEDIUM |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-28714 | 2 Intel, Microsoft | 2 Proset/wireless Wifi, Windows | 2026-06-17 | N/A | 8.2 HIGH |
| Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-28698 | 1 Wddgroup | 1 Fantsy | 2026-06-17 | N/A | 9.8 CRITICAL |
| Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-28635 | 1 Vantage6 | 1 Vantage6 | 2026-06-17 | N/A | 5.4 MEDIUM |
| vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character. | |||||
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | |||||
| CVE-2023-28611 | 1 Omicronenergy | 2 Stationguard, Stationscout | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | |||||
| CVE-2023-28468 | 1 Insyde | 1 Kernel | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. | |||||
| CVE-2023-28357 | 1 Rocket.chat | 1 Rocket.chat | 2026-06-17 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | |||||
