Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35740 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37769 1 B1ackc4t 1 14finger 2026-06-17 N/A 8.8 HIGH
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
CVE-2024-37768 1 B1ackc4t 1 14finger 2026-06-17 N/A 9.1 CRITICAL
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.
CVE-2024-37526 1 Ibm 2 Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data 2026-06-17 N/A 6.5 MEDIUM
IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.
CVE-2024-37484 1 Zephyr-one 1 Zephyr Project Manager 2026-06-17 N/A 8.8 HIGH
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.
CVE-2024-37455 1 Brainstormforce 1 Ultimate Addons For Elementor 2026-06-17 N/A 8.8 HIGH
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
CVE-2024-37404 1 Ivanti 2 Connect Secure, Policy Secure 2026-06-17 N/A 8.8 HIGH
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
CVE-2024-37398 1 Ivanti 1 Secure Access Client 2026-06-17 N/A 7.8 HIGH
Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-37391 2 Microsoft, Proton 2 Windows, Protonvpn 2026-06-17 N/A 7.8 HIGH
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
CVE-2024-37373 1 Ivanti 1 Avalanche 2026-06-17 N/A 7.2 HIGH
Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE.
CVE-2024-37370 1 Mit 1 Kerberos 5 2026-06-17 N/A 7.5 HIGH
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
CVE-2024-37365 1 Rockwellautomation 1 Factorytalk View 2026-06-17 N/A 7.3 HIGH
A remote code execution vulnerability exists in the affected product. The vulnerability allows users to save projects within the public directory allowing anyone with local access to modify and/or delete files. Additionally, a malicious user could potentially leverage this vulnerability to escalate their privileges by changing the macro to execute arbitrary code.
CVE-2024-37346 1 Absolute 1 Secure Access 2026-06-17 N/A 4.9 MEDIUM
There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.
CVE-2024-37342 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 7.1 HIGH
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37341 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2024-37340 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37339 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37338 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-37337 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 7.1 HIGH
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
CVE-2024-37336 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2026-06-17 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37335 1 Microsoft 5 Sql 2016 Azure Connect Feature Pack, Sql Server 2016, Sql Server 2017 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability