Total
29681 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32544 | 1 Intel | 1 Nuc P14e Laptop Element | 2025-06-17 | 7.3 High |
| Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-42134 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2025-06-17 | 6.8 Medium |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability. | ||||
| CVE-2024-21612 | 1 Juniper | 1 Junos Os Evolved | 2025-06-17 | 7.5 High |
| An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. | ||||
| CVE-2024-21607 | 1 Juniper | 23 Ex9200, Ex9204, Ex9208 and 20 more | 2025-06-17 | 5.3 Medium |
| An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. | ||||
| CVE-2024-21600 | 1 Juniper | 1 Junos | 2025-06-17 | 6.5 Medium |
| An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows a unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs: Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>]) This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3. | ||||
| CVE-2024-21589 | 1 Juniper | 1 Paragon Active Assurance Control Center | 2025-06-17 | 7.4 High |
| An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0. | ||||
| CVE-2023-48297 | 1 Discourse | 1 Discourse | 2025-06-17 | 8.6 High |
| Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | ||||
| CVE-2024-21665 | 1 Pimcore | 1 E-commerce Framework | 2025-06-17 | 4.3 Medium |
| ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10. | ||||
| CVE-2023-48252 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 8.8 High |
| The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | ||||
| CVE-2023-49722 | 1 Bosch | 6 Bcc101, Bcc101 Firmware, Bcc102 and 3 more | 2025-06-17 | 8.3 High |
| Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. | ||||
| CVE-2024-20809 | 1 Samsung | 1 Nearby Device Scanning | 2025-06-17 | 4 Medium |
| Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. | ||||
| CVE-2024-20808 | 1 Samsung | 1 Nearby Device Scanning | 2025-06-17 | 4 Medium |
| Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. | ||||
| CVE-2024-20806 | 1 Samsung | 1 Android | 2025-06-17 | 6.2 Medium |
| Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. | ||||
| CVE-2023-47858 | 1 Mattermost | 1 Mattermost Server | 2025-06-17 | 4.3 Medium |
| Mattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint. | ||||
| CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-06-17 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | ||||
| CVE-2023-28197 | 1 Apple | 1 Macos | 2025-06-17 | 3.3 Low |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | ||||
| CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | 6.5 Medium |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | ||||
| CVE-2023-47202 | 1 Trendmicro | 1 Apex One | 2025-06-17 | 7.8 High |
| A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | 6.1 Medium |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | ||||
| CVE-2023-3655 | 1 Cashit | 1 Cashit\! | 2025-06-17 | 7.5 High |
| cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | ||||