Total: 35704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32498 | 1 Openstack | 3 Cinder, Glance, Nova | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. | |||||
| CVE-2024-32485 | 1 Intel | 1 Virtual Raid On Cpu | 2026-06-17 | N/A | 3.9 LOW |
| Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-32476 | 1 Argoproj | 1 Argo Cd | 2026-06-17 | N/A | 6.5 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16. | |||||
| CVE-2024-32467 | 1 Metersphere | 1 Metersphere | 2026-06-17 | N/A | 5.7 MEDIUM |
| MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue. | |||||
| CVE-2024-32167 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2026-06-17 | N/A | 9.1 CRITICAL |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to arbitrary file deletion because the picture-deletion function in the backend settings can be used to delete any file. | |||||
| CVE-2024-32131 | 1 W3eden | 1 Download Manager | 2026-06-17 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Download Manager allows Functionality Bypass. This issue affects Download Manager: from n/a through 3.2.82. | |||||
| CVE-2024-32100 | 1 Sandhillsdev | 1 Easy Digital Downloads | 2026-06-17 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.11. | |||||
| CVE-2024-32049 | 1 F5 | 1 Big-ip Next Central Manager | 2026-06-17 | N/A | 7.4 HIGH |
| BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-32037 | 1 Osgeo | 1 Geonetwork | 2026-06-17 | N/A | N/A |
| GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available. | |||||
| CVE-2024-32007 | 1 Apache | 1 Cxf | 2026-06-17 | N/A | 7.5 HIGH |
| An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. | |||||
| CVE-2024-31991 | 1 Mealie | 1 Mealie | 2026-06-17 | N/A | 4.1 MEDIUM |
| Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. Neither this function nor those that call it add any restrictions on the URL that can be provided, nor is it restricted to being an FQDN (i.e., an IP address can be provided). As this function’s return will be handled differently by its caller depending on the response, it is possible for an attacker to use this functionality to positively identify HTTP(s) servers on the local network with any IP/port combination. This issue can result in any authenticated user being able to map HTTP servers on a local network that the Mealie service has access to. Note that by default any user can create an account on a Mealie server, and that the default changeme@example.com user is available with its hard-coded password. This vulnerability is fixed in 1.4.0. | |||||
| CVE-2024-31970 | 1 Adtran | 2 834-5, Sdg Smartos | 2026-06-17 | N/A | 8.8 HIGH |
| AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands. NOTE: The vendor has disputed this, finding the report not applicable. According to AdTran, SSH has never been accessible (from WAN) on SmartOS official builds. Furthermore, the vendor adds that test build 11.1.0.101-202106231430 was never released to end users. | |||||
| CVE-2024-31912 | 1 Ibm | 1 Mq | 2026-06-17 | N/A | 7.5 HIGH |
| IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | |||||
| CVE-2024-31883 | 1 Ibm | 1 Security Verify Access | 2026-06-17 | N/A | 5.3 MEDIUM |
| IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. | |||||
| CVE-2024-31869 | 1 Apache | 1 Airflow | 2026-06-17 | N/A | 4.3 MEDIUM |
| Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. | |||||
| CVE-2024-31867 | 1 Apache | 1 Zeppelin | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Input Validation vulnerability in Apache Zeppelin. Attackers can execute malicious queries by setting improper configuration properties for the LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
| CVE-2024-31865 | 1 Apache | 1 Zeppelin | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper Input Validation vulnerability in Apache Zeppelin. Attackers can call the cron update API with invalid or improper privileges so that the notebook can run with those privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | |||||
| CVE-2024-31862 | 1 Apache | 1 Zeppelin | 2026-06-17 | N/A | 5.3 MEDIUM |
| Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | |||||
| CVE-2024-31842 | 1 Italtel | 1 Embrace | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover. | |||||
| CVE-2024-31759 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | |||||
