Total: 35703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28154 | 1 Jenkins | 1 Mq Notifier | 2026-06-17 | N/A | 6.5 MEDIUM |
| Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default. | |||||
| CVE-2024-28120 | 1 Codeium | 1 Codeium | 2026-06-17 | N/A | 6.5 MEDIUM |
| codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key. | |||||
| CVE-2024-28103 | 1 Rubyonrails | 1 Rails | 2026-06-17 | N/A | 5.4 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | |||||
| CVE-2024-28077 | 1 Gl-inet | 36 A1300, A1300 Firmware, Ar300m and 33 more | 2026-06-17 | N/A | 7.5 HIGH |
| A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16. | |||||
| CVE-2024-28072 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 5.7 MEDIUM |
| A highly privileged account can overwrite arbitrary files on the system with log output. The log file path tags were not sanitized properly. | |||||
| CVE-2024-28067 | 1 Samsung | 2 Exynos Modem 5300, Exynos Modem 5300 Firmware | 2026-06-17 | N/A | 5.3 MEDIUM |
| A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext. | |||||
| CVE-2024-28050 | 1 Intel | 2 Arc A Graphics, Iris Xe Graphics | 2026-06-17 | N/A | 5.0 MEDIUM |
| Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-28020 | 1 Hitachienergy | 2 Foxman-un, Unem | 2026-06-17 | N/A | 8.0 HIGH |
| A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited, a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | |||||
| CVE-2024-27947 | 1 Siemens | 1 Ruggedcom Crossbow | 2026-06-17 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client. | |||||
| CVE-2024-27937 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 6.5 MEDIUM |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13. | |||||
| CVE-2024-27932 | 1 Deno | 1 Deno | 2026-06-17 | N/A | 4.6 MEDIUM |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue. | |||||
| CVE-2024-27931 | 1 Deno | 1 Deno | 2026-06-17 | N/A | 5.8 MEDIUM |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1. | |||||
| CVE-2024-27930 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 6.5 MEDIUM |
| GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13. | |||||
| CVE-2024-27913 | 1 Frrouting | 1 Frrouting | 2026-06-17 | N/A | 6.5 MEDIUM |
| ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. | |||||
| CVE-2024-27897 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-27896 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerability can affect integrity. | |||||
| CVE-2024-27895 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 7.5 HIGH |
| Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2024-27886 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.7. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode. | |||||
| CVE-2024-27884 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to access user-sensitive data. | |||||
| CVE-2024-27883 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 4.4 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | |||||
