Total: 35705 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34112 | 1 Adobe | 1 Coldfusion | 2026-06-17 | N/A | 7.5 HIGH |
| ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-34099 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-06-17 | N/A | 7.8 HIGH |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34098 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-06-17 | N/A | 7.8 HIGH |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-34082 | 1 Getgrav | 1 Grav | 2026-06-17 | N/A | 8.5 HIGH |
| Grav is a file-based Web platform. Prior to version 1.7.46, a low-privilege user account with page edit privilege can read any server file using Twig syntax. This includes Grav user account files (`/grav/user/accounts/*.yaml`). These files store the hashed user password, the 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file on the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low-privileged user may also perform a full account takeover of other registered users, including Administrators. Version 1.7.46 contains a patch. | |||||
| CVE-2024-34080 | 1 Mantisbt | 1 Mantisbt | 2026-06-17 | N/A | 5.3 MEDIUM |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2024-34043 | 1 Linuxfoundation | 1 Ric-app-kpimon-go | 2026-06-17 | N/A | 5.3 MEDIUM |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | |||||
| CVE-2024-34009 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 7.5 HIGH |
| Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. | |||||
| CVE-2024-34005 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34004 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34003 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 5.9 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-34002 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.5 MEDIUM |
| In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include. | |||||
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 9.8 CRITICAL |
| The referrer URL used by MFA required additional sanitizing, rather than being used directly. | |||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.2 MEDIUM |
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | |||||
| CVE-2024-33880 | 2 Microsoft, Virtosoftware | 2 Sharepoint Server, Sharepoint Bulk File Download | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive. | |||||
| CVE-2024-33850 | 1 Pexip | 1 Pexip Infinity | 2026-06-17 | N/A | 4.3 MEDIUM |
| Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. | |||||
| CVE-2024-33847 | 1 Linux | 1 Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode. An f2fs image may be corrupted after the test case below: - `mkfs.f2fs -O extra_attr,compression -f /dev/vdb` - `mount /dev/vdb /mnt/f2fs` - `touch /mnt/f2fs/file` - `f2fs_io setflags compression /mnt/f2fs/file` - `dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4` - `f2fs_io release_cblocks /mnt/f2fs/file` - `truncate -s 8192 /mnt/f2fs/file` - `umount /mnt/f2fs` - `fsck.f2fs /dev/vdb` Output: `[ASSERT] (fsck_chk_inode_blk:1256) --> ino: 0x5 has i_blocks: 0x00000002, but has 0x3 blocks` `[FSCK] valid_block_count matching with CP [Fail] [0x4, 0x5]` `[FSCK] other corrupted bugs [Fail]` The reason is: partial truncation assumes the compressed inode has reserved blocks; after partial truncation, the valid block count may change w/o .i_blocks and .total_valid_block_count update, resulting in corruption. This patch only allows cluster size aligned truncation on released compress inode for fixing. | |||||
| CVE-2024-33844 | 1 Parrot | 1 Anafi Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE (0, 1, 2, 255), which allows an attacker to cut off the connection between a controller and the drone by sending a MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE. | |||||
| CVE-2024-33775 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | |||||
| CVE-2024-33700 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. | |||||
| CVE-2024-33626 | 1 Level1 | 2 Wbr-6012, Wbr-6012 Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device's WiFi network. | |||||
