Total
35849 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43115 | 1 Apache | 1 Dolphinscheduler | 2026-06-17 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue. | |||||
| CVE-2024-43087 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-43085 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43081 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43052 | 1 Qualcomm | 182 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 179 more | 2026-06-17 | N/A | 7.8 HIGH |
| Memory corruption while processing API calls to NPU with invalid input. | |||||
| CVE-2024-43051 | 1 Qualcomm | 488 Aqt1000, Aqt1000 Firmware, Ar8031 and 485 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Information disclosure while deriving keys for a session for any Widevine use case. | |||||
| CVE-2024-42995 | 1 Vtiger | 1 Vtiger Crm | 2026-06-17 | N/A | 8.3 HIGH |
| VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. | |||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2024-42967 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2024-42966 | 1 Totolink | 2 N350rt, N350rt Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | |||||
| CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2024-42861 | 1 Linuxptp Project | 1 Linuxptp | 2026-06-17 | N/A | 7.5 HIGH |
| An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function | |||||
| CVE-2024-42835 | 1 Langflow | 1 Langflow | 2026-06-17 | N/A | 9.8 CRITICAL |
| langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. | |||||
| CVE-2024-42798 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 7.6 HIGH |
| An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | |||||
| CVE-2024-42797 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. | |||||
| CVE-2024-42796 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 5.9 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | |||||
| CVE-2024-42795 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 4.2 MEDIUM |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | |||||
| CVE-2024-42794 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 4.7 MEDIUM |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | |||||
| CVE-2024-42776 | 1 Jayesh | 1 Hotel Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | |||||
| CVE-2024-42775 | 1 Jayesh | 1 Hotel Management System | 2026-06-17 | N/A | 9.1 CRITICAL |
| An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | |||||
