Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35862 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45441 1 Huawei 2 Emui, Harmonyos 2026-06-17 N/A 6.2 MEDIUM
Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45426 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-06-17 N/A 4.9 MEDIUM
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-45425 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-06-17 N/A 4.9 MEDIUM
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
CVE-2024-45424 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-06-17 N/A 5.3 MEDIUM
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2024-45422 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2026-06-17 N/A 6.5 MEDIUM
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2024-45417 1 Zoom 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more 2026-06-17 N/A 6.0 MEDIUM
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
CVE-2024-45407 1 Lizardbyte 1 Sunshine 2026-06-17 N/A 6.5 MEDIUM
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, but the certificate from the forged pairing attempt is incorrectly persisted prior to the completion of the pairing request. This allows access to the certificate belonging to the attacker.
CVE-2024-45384 1 Apache 1 Druid 2026-06-17 N/A 5.3 MEDIUM
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution.
CVE-2024-45373 1 Doverfuelingsolutions 4 Progauge Maglink Lx4 Console, Progauge Maglink Lx4 Console Firmware, Progauge Maglink Lx Console and 1 more 2026-06-17 N/A 8.8 HIGH
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
CVE-2024-45335 1 Trendmicro 1 Antivirus One 2026-06-17 N/A 8.4 HIGH
Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.
CVE-2024-45334 1 Trendmicro 1 Antivirus One 2026-06-17 N/A 7.8 HIGH
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.
CVE-2024-45330 1 Fortinet 2 Fortianalyzer, Fortianalyzer Cloud 2026-06-17 N/A 7.2 HIGH
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
CVE-2024-45326 1 Fortinet 1 Fortideceptor 2026-06-17 N/A 4.3 MEDIUM
AnĀ Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.
CVE-2024-45297 1 Discourse 1 Discourse 2026-06-17 N/A 5.3 MEDIUM
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-45271 2 Helmholz, Mbconnectline 4 Rex 100, Rex 100 Firmware, Mbnet.mini and 1 more 2026-06-17 N/A 8.4 HIGH
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
CVE-2024-45244 1 Hyperledger 1 Fabric 2026-06-17 N/A 5.3 MEDIUM
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.
CVE-2024-45236 1 Nicmx 1 Fort-validator 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45234 1 Nicmx 1 Fort-validator 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
CVE-2024-45231 1 Djangoproject 1 Django 2026-06-17 N/A 5.3 MEDIUM
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).
CVE-2024-45230 1 Djangoproject 1 Django 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.