Total
35474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22424 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-45286 | 1 Nextcloud | 1 Calendar | 2026-06-03 | 4.3 Medium |
| Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied to other endpoints, were not effective here. This issue has been patched in versions 5.5.17 and 6.2.3. | ||||
| CVE-2026-45284 | 1 Nextcloud | 1 User Oidc | 2026-06-03 | 4.6 Medium |
| Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user OIDC after they where deleted. This issue has been patched in version 8.4.0. | ||||
| CVE-2026-30963 | 1 Projectcapsule | 1 Capsule | 2026-06-03 | 3.9 Low |
| Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a namespace, including the metadata field. Prior to version 0.13.0, the webhook does not define interception rules for these subresources. As a result, if a tenant administrator has permission to modify namespace/status or namespace/finalize, they can successfully perform namespace hijacking. Version 0.13.0 fixes the issue. Another mitigation is to add two subresources (namespaces and snamespaces/status with namespace/finalize within it) to the resources list in the ValidatingWebhookConfiguration rules. | ||||
| CVE-2026-45277 | 1 Nextcloud | 1 Approval | 2026-06-03 | 3.3 Low |
| Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2. | ||||
| CVE-2026-45282 | 1 Nextcloud | 2 Nextcloud Server, Text | 2026-06-03 | 6.5 Medium |
| Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download restrictions. It is applicable to any file that is shared directly, as the attacker only needs to know a documentId they own, apart of the mentioned share token. For shared folders the attacker has to know or guess a documentId of a file that is included inside the folder, making it much harder to exploit. The attacker can only extract an attachments, but not the file shared file or folder itself. It is recommended that the Nextcloud Server is upgraded to 33.0.3 or 32.0.9. It is recommended that the Nextcloud Enterprise Server is upgraded to 33.0.3, 32.0.9, 31.0.14.5, 30.0.17.9, 29.0.16.16, 28.0.14.17 or 27.1.11.5 | ||||
| CVE-2024-1153 | 1 Talyabilisim | 1 Travel Apps | 2026-06-03 | 4.6 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68. | ||||
| CVE-2024-1744 | 2 Accordors, Ariva Computer | 2 Accord Ors, Accord Ors | 2026-06-03 | 7.5 High |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1. | ||||
| CVE-2021-33012 | 1 Rockwellautomation | 2 Micrologix 1100, Micrologix 1100 Firmware | 2026-06-03 | 7.5 High |
| Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode, which results in a denial-of-service condition. If successfully exploited, this vulnerability will cause the controller to fault whenever the controller is switched to RUN mode. | ||||
| CVE-2018-6439 | 1 Broadcom | 1 Fabric Operating System | 2026-06-03 | 7.8 High |
| A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, gain root access. | ||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2026-06-03 | 7.5 High |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | ||||
| CVE-2024-4259 | 2 Sambas, Sampas Holding | 2 Akos, Akos | 2026-06-03 | 9.8 Critical |
| Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | ||||
| CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2026-06-03 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928. | ||||
| CVE-2024-4428 | 1 Menulux | 2 Management Portal, Managment Portal | 2026-06-03 | 9.8 Critical |
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024. | ||||
| CVE-2026-0067 | 1 Google | 1 Android | 2026-06-03 | 5.5 Medium |
| In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0060 | 1 Google | 1 Android | 2026-06-03 | 5.5 Medium |
| In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48616 | 1 Google | 1 Android | 2026-06-03 | 3.3 Low |
| In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-8405 | 1 Ibm | 1 Guardium Data Protection | 2026-06-03 | 6.5 Medium |
| IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. | ||||
| CVE-2025-32348 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-3623 | 1 Ibm | 1 Netezza Performance Server Replication Services | 2026-06-02 | 7.8 High |
| IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability. | ||||