Total
35703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2950 | 1 Boldgrid | 1 Easy Seo | 2026-06-17 | N/A | 5.3 MEDIUM |
| The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information. | |||||
| CVE-2024-2918 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | N/A | 3.6 LOW |
| Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request. | |||||
| CVE-2024-2880 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 2.7 LOW |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with `admin_group_member` custom role permission could ban group members. | |||||
| CVE-2024-2878 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | |||||
| CVE-2024-2757 | 1 Php | 1 Php | 2026-06-17 | N/A | 7.5 HIGH |
| In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. | |||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-2630 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-2629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-2628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) | |||||
| CVE-2024-2625 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 8.8 HIGH |
| Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-2605 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 5.9 MEDIUM |
| An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2024-2541 | 1 Sygnoos | 1 Popup Builder | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers. | |||||
| CVE-2024-2505 | 1 Gamipress | 1 Gamipress | 2026-06-17 | N/A | 8.1 HIGH |
| The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical GamiPress WordPress plugin before 6.8.9 configurations. | |||||
| CVE-2024-2473 | 1 Wpserveur | 1 Wps Hide Login | 2026-06-17 | N/A | 5.3 MEDIUM |
| The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. | |||||
| CVE-2024-2469 | 1 Github | 1 Enterprise Server | 2026-06-17 | N/A | 8.0 HIGH |
| An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2443 | 1 Github | 1 Enterprise Server | 2026-06-17 | N/A | 9.1 CRITICAL |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2432 | 1 Paloaltonetworks | 1 Globalprotect | 2026-06-17 | N/A | 4.5 MEDIUM |
| A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | |||||
| CVE-2024-2431 | 1 Paloaltonetworks | 1 Globalprotect | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. | |||||
| CVE-2024-2427 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover. | |||||
| CVE-2024-2426 | 1 Rockwellautomation | 2 Powerflex 527 Ac Drives, Powerflex 527 Ac Drives Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it. | |||||