Total
29910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2026-06-17 | N/A | 6.7 MEDIUM |
| Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | |||||
| CVE-2023-0584 | 1 Vektor-inc | 1 Vk Blocks | 2026-06-17 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value. | |||||
| CVE-2023-0583 | 1 Vektor-inc | 1 Vk Blocks | 2026-06-17 | N/A | 4.3 MEDIUM |
| The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons. | |||||
| CVE-2023-0581 | 1 Lcweb | 1 Privatecontent | 2026-06-17 | N/A | 5.3 MEDIUM |
| The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. | |||||
| CVE-2023-0508 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 3.1 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API. | |||||
| CVE-2023-0482 | 2 Netapp, Redhat | 3 Active Iq Unified Manager, Oncommand Workflow Automation, Resteasy | 2026-06-17 | N/A | 5.5 MEDIUM |
| In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | |||||
| CVE-2023-0475 | 1 Hashicorp | 1 Go-getter | 2026-06-17 | N/A | 4.2 MEDIUM |
| HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | |||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2026-06-17 | N/A | 9.8 CRITICAL |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | |||||
| CVE-2023-0386 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2026-06-17 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | |||||
| CVE-2023-0348 | 1 Akuvox | 2 E11, E11 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| Akuvox E11 allows direct SIP calls. No access control is enforced by the SIP servers, which could allow an attacker to contact any device within Akuvox to call any other device. | |||||
| CVE-2023-0344 | 1 Akuvox | 2 E11, E11 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. | |||||
| CVE-2023-0317 | 1 Secomea | 1 Gatemanager | 2026-06-17 | N/A | 4.9 MEDIUM |
| Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. | |||||
| CVE-2023-0205 | 1 Nvidia | 4 Connectx-5, Connectx-6, Connectx-6-dx and 1 more | 2026-06-17 | N/A | 5.0 MEDIUM |
| NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | |||||
| CVE-2023-0158 | 1 Nlnetlabs | 1 Krill | 2026-06-17 | N/A | 7.5 HIGH |
| NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated. | |||||
| CVE-2023-0120 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. | |||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2026-06-17 | N/A | 5.5 MEDIUM |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | |||||
| CVE-2022-50539 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. | |||||
| CVE-2022-50520 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device with its refcount increased and decreased the refcount for the input parameter @from if it is not NULL. If we break the loop in radeon_atrm_get_bios() with 'pdev' not NULL, we need to call pci_dev_put() to decrease the refcount. Add the missing pci_dev_put() to avoid refcount leak. | |||||
| CVE-2022-50514 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix refcount leak on error path When failing to allocate report_desc, opts->refcnt has already been incremented so it needs to be decremented to avoid leaving the options structure permanently locked. | |||||
| CVE-2022-50505 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling pci_dev_put(). So call it before returning from ppr_notifier() to avoid refcount leak. | |||||