Total
35862 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45441 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 6.2 MEDIUM |
| Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-45426 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2024-45425 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2026-06-17 | N/A | 4.9 MEDIUM |
| Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2024-45424 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2026-06-17 | N/A | 5.3 MEDIUM |
| Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. | |||||
| CVE-2024-45422 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-45417 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2026-06-17 | N/A | 6.0 MEDIUM |
| Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. | |||||
| CVE-2024-45407 | 1 Lizardbyte | 1 Sunshine | 2026-06-17 | N/A | 6.5 MEDIUM |
| Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker. | |||||
| CVE-2024-45384 | 1 Apache | 1 Druid | 2026-06-17 | N/A | 5.3 MEDIUM |
| Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | |||||
| CVE-2024-45373 | 1 Doverfuelingsolutions | 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more | 2026-06-17 | N/A | 8.8 HIGH |
| Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | |||||
| CVE-2024-45335 | 1 Trendmicro | 1 Antivirus One | 2026-06-17 | N/A | 8.4 HIGH |
| Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. | |||||
| CVE-2024-45334 | 1 Trendmicro | 1 Antivirus One | 2026-06-17 | N/A | 7.8 HIGH |
| Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. | |||||
| CVE-2024-45330 | 1 Fortinet | 2 Fortianalyzer, Fortianalyzer Cloud | 2026-06-17 | N/A | 7.2 HIGH |
| A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | |||||
| CVE-2024-45326 | 1 Fortinet | 1 Fortideceptor | 2026-06-17 | N/A | 4.3 MEDIUM |
| AnĀ Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. | |||||
| CVE-2024-45297 | 1 Discourse | 1 Discourse | 2026-06-17 | N/A | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-45271 | 2 Helmholz, Mbconnectline | 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more | 2026-06-17 | N/A | 8.4 HIGH |
| An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | |||||
| CVE-2024-45244 | 1 Hyperledger | 1 Fabric | 2026-06-17 | N/A | 5.3 MEDIUM |
| Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. | |||||
| CVE-2024-45236 | 1 Nicmx | 1 Fort-validator | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
| CVE-2024-45234 | 1 Nicmx | 1 Fort-validator | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
| CVE-2024-45231 | 1 Djangoproject | 1 Django | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). | |||||
| CVE-2024-45230 | 1 Djangoproject | 1 Django | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | |||||
