Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34611 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.1 MEDIUM |
| Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | |||||
| CVE-2024-34610 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.1 MEDIUM |
| Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | |||||
| CVE-2024-34609 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34608 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34607 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34606 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34605 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34604 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||||
| CVE-2024-34603 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. | |||||
| CVE-2024-34601 | 1 Samsung | 1 Galaxy Store | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. | |||||
| CVE-2024-34595 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2024-34586 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. | |||||
| CVE-2024-34585 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | |||||
| CVE-2024-34583 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 4.0 MEDIUM |
| Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. | |||||
| CVE-2024-34517 | 1 Neo4j | 1 Neo4j | 2026-06-17 | N/A | 6.5 MEDIUM |
| The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. | |||||
| CVE-2024-34363 | 1 Envoyproxy | 1 Envoy | 2026-06-17 | N/A | 7.5 HIGH |
| Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. | |||||
| CVE-2024-34314 | 1 Cmseasy | 1 Cmseasy | 2026-06-17 | N/A | 4.9 MEDIUM |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2024-34077 | 1 Mantisbt | 1 Mantisbt | 2026-06-17 | N/A | 7.3 HIGH |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeover their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e for 5 minutes after the confirmation URL sent by e-mail has been opened, and the user did not complete the process by updating their password. A brute-force attack calling account_update.php with increasing user IDs is possible. A successful takeover would grant the attacker full access to the compromised account, including sensitive information and functionalities associated with the account, the extent of which depends on its privileges and the data it has access to. Version 2.26.2 contains a patch for the issue. As a workaround, one may mitigate the risk by reducing the verification token's validity (change the value of the `TOKEN_EXPIRY_AUTHENTICATED` constant in `constants_inc.php`). | |||||
| CVE-2024-33848 | 1 Intel | 1 Raid Web Console | 2026-06-17 | N/A | 6.5 MEDIUM |
| Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-33510 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-17 | N/A | 4.3 MEDIUM |
| AnĀ improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. | |||||