Total
35900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52922 | 1 Bitcoin | 1 Bitcoin Core | 2026-06-17 | N/A | 6.5 MEDIUM |
| In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | |||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-52872 | 1 Flagsmith | 1 Flagsmith | 2026-06-17 | N/A | 7.5 HIGH |
| In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. | |||||
| CVE-2024-52871 | 1 Flagsmith | 1 Flagsmith | 2026-06-17 | N/A | 7.5 HIGH |
| In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting. | |||||
| CVE-2024-52831 | 1 Adobe | 1 Experience Manager | 2026-06-17 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-52815 | 1 Matrix | 1 Synapse | 2026-06-17 | N/A | 5.3 MEDIUM |
| Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. | |||||
| CVE-2024-52782 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. | |||||
| CVE-2024-52781 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. | |||||
| CVE-2024-52780 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. | |||||
| CVE-2024-52779 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. | |||||
| CVE-2024-52778 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. | |||||
| CVE-2024-52777 | 1 Dcnetworks | 8 Dcme-320, Dcme-320-l, Dcme-320-l Firmware and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. | |||||
| CVE-2024-52765 | 1 H3c | 2 Gr-1800ax, Gr-1800ax Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | |||||
| CVE-2024-52589 | 1 Discourse | 1 Discourse | 2026-06-17 | N/A | 2.2 LOW |
| Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users. | |||||
| CVE-2024-52560 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() Extended the `mi_enum_attr()` function interface with an additional parameter, `struct ntfs_inode *ni`, to allow marking the inode as bad as soon as an error is detected. | |||||
| CVE-2024-52555 | 1 Jetbrains | 1 Webstorm | 2026-06-17 | N/A | 6.3 MEDIUM |
| In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script | |||||
| CVE-2024-52517 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 4.6 MEDIUM |
| Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1. | |||||
| CVE-2024-52516 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 3.0 LOW |
| Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | |||||
| CVE-2024-52514 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 4.1 MEDIUM |
| Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0. | |||||
| CVE-2024-52513 | 1 Nextcloud | 1 Nextcloud Server | 2026-06-17 | N/A | 2.6 LOW |
| Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1. | |||||
