Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47125 | 1 Gotenna | 1 Gotenna Pro | 2026-06-17 | N/A | 8.1 HIGH |
| The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols. | |||||
| CVE-2024-43571 | 1 Microsoft | 1 Windows 11 24h2 | 2026-06-17 | N/A | 5.6 MEDIUM |
| Sudo for Windows Spoofing Vulnerability | |||||
| CVE-2024-41889 | 1 Pimax | 2 Pitool, Play | 2026-06-17 | N/A | 9.8 CRITICAL |
| Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. | |||||
| CVE-2024-39537 | 1 Juniper | 7 Acx7020, Acx7024, Acx7024x and 4 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, specific processes which should only be able to communicate internally within the device can be reached over the network via open ports. This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S1-EVO, 23.4R2-EVO. | |||||
| CVE-2024-39271 | 2026-06-17 | N/A | 2.6 LOW | ||
| Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-36252 | 2026-06-17 | N/A | 6.3 MEDIUM | ||
| Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed. | |||||
| CVE-2024-34446 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers. | |||||
| CVE-2024-26131 | 1 Element | 1 Element | 2026-06-17 | N/A | 8.4 HIGH |
| Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. | |||||
| CVE-2024-26013 | 1 Fortinet | 6 Fortianalyzer, Fortimanager, Fortios and 3 more | 2026-06-17 | N/A | 7.5 HIGH |
| A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | |||||
| CVE-2024-24974 | 1 Openvpn | 1 Openvpn | 2026-06-17 | N/A | 7.5 HIGH |
| The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. | |||||
| CVE-2024-22315 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2026-06-17 | N/A | 4.0 MEDIUM |
| IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection. | |||||
| CVE-2023-28078 | 1 Dell | 1 Smartfabric Os10 | 2026-06-17 | N/A | 9.1 CRITICAL |
| Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-43916 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2026-06-17 | N/A | 6.8 MEDIUM |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure. | |||||
| CVE-2022-2663 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | |||||
| CVE-2021-38487 | 1 Rti | 3 Connext Dds Micro, Connext Professional, Connext Secure | 2026-06-17 | 6.4 MEDIUM | 8.2 HIGH |
| RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | |||||
| CVE-2017-3891 | 1 Blackberry | 1 Qnx Software Development Platform | 2026-06-17 | 6.8 MEDIUM | 9.6 CRITICAL |
| In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. | |||||
| CVE-2025-36145 | 1 Ibm | 1 Watsonx.data | 2026-06-01 | N/A | 5.4 MEDIUM |
| IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||||
| CVE-2025-36180 | 1 Ibm | 1 Watsonx.data | 2026-05-12 | N/A | 5.3 MEDIUM |
| IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | |||||
| CVE-2026-22726 | 1 Cloudfoundry | 2 Cf-deployment, Routing Release | 2026-05-04 | N/A | 5.0 MEDIUM |
| Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks reachable by the Gorouter, which may not have previously had direct access from outside networks, or from the application. Routing release: affected from v0.118.0 through v0.371.0 (inclusive); upgrade to v0.372.0 or greater. CF Deployment: affected from v0.0.2 through v54.14.0 (inclusive); upgrade to v55.0.0 or greater (includes routing_release v0.372.0). | |||||
| CVE-2025-62843 | 1 Qnap | 1 Qurouter | 2026-04-14 | N/A | 6.8 MEDIUM |
| An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later | |||||