Skip to main content
CVE-2026-41964 HIGH This Week

Race condition in HarmonyOS web component enables local privilege escalation to full system compromise without authentication. The TOCTOU flaw (CWE-362) allows local attackers to achieve high confidentiality, integrity, and availability impact through unauthorized permission escalation. Huawei has released patches via May 2026 security bulletins for both mobile and laptop devices. EPSS data not yet available for this 2026 CVE; no confirmed active exploitation or public POC identified at time of analysis.

Race Condition Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-0028 HIGH This Week

Local attackers with low-privilege credentials can exploit unchecked return value handling in AMD Platform Management Framework (PMF) to read or write arbitrary memory addresses across multiple AMD Ryzen processor families (6000, 7000, 8000 series). This CWE-252 flaw enables privilege escalation to kernel level, compromising system confidentiality and availability with high impact across both virtualized and physical contexts. AMD has released security bulletin AMD-SB-4015 addressing the vulnerability. No CISA KEV listing or public exploit code has been identified at time of analysis, but the low attack complexity (AC:L) and local privilege requirement (PR:L) suggest exploitation is technically straightforward for attackers with initial system access.

Amd Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-46367 HIGH PATCH GHSA This Week

Stored cross-site scripting in phpMyFAQ 4.1.1 lets any authenticated user with a registered account persist JavaScript inside FAQ or News comments by submitting a URL containing an unescaped double quote, which Utils::parseUrl() injects unescaped into an href attribute. Payloads execute for every visitor - including admins viewing the comments panel - enabling session cookie theft and full application takeover. Publicly available exploit code exists in the GHSA advisory, though EPSS is only 0.01% and SSVC categorizes exploitation as POC rather than active.

XSS Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-34253 HIGH PATCH This Week

Buffer underflow in vorbis-tools 1.4.3's ogg123 utility allows remote attackers to crash the application or potentially execute code through malformed remote control input. The vulnerability achieves an EPSS score indicating moderate exploitation likelihood, with proof-of-concept code available according to SSVC assessment, though it has not been added to CISA's KEV catalog indicating no confirmed active exploitation.

RCE
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-22810 HIGH PATCH GHSA This Week

Path traversal vulnerability in Joplin's OneNote importer (versions 3.2.2 through 3.5.6) allows local attackers with authenticated access to overwrite arbitrary files on disk by importing malicious .one files containing directory traversal sequences in embedded file names. The vulnerability can lead to remote code execution by overwriting system files like .bashrc. Publicly available exploit code exists, with vendor-released patch available in version 3.5.7.

Path Traversal RCE
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-46361 HIGH PATCH This Week

Stored cross-site scripting in phpMyFAQ before 4.1.2 lets FAQ editors persist HTML-entity-encoded JavaScript that survives sanitization and executes in every visitor's browser, including administrators. The flaw stems from Twig's `| raw` filter being applied to `result.question` and `result.answerPreview` in `search.twig`, combined with a `html_entity_decode(strip_tags())` round-trip in SearchController.php that resurrects encoded tags. Publicly available exploit code exists (POC per SSVC), though EPSS is 0.01% and the issue is not on the CISA KEV list.

XSS PHP
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-45062 HIGH PATCH GHSA This Week

Path traversal vulnerability in FrankenPHP allows remote code execution through Unicode handling flaws in CGI path splitting. The splitPos() function in cgi.go incorrectly processes non-ASCII bytes in request paths, allowing attackers to trick FrankenPHP into executing arbitrary non-.php files as PHP scripts by crafting URLs with Unicode lookalike characters or specific non-ASCII byte sequences. Successfully exploited in environments where attackers can upload or control file content, leading to remote code execution with CVSS 8.1 (High).

RCE Docker PHP
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-35194 HIGH PATCH GHSA This Week

Code injection in Apache Flink's SQL engine allows authenticated users to execute arbitrary code on TaskManagers through malicious SQL queries. The vulnerability affects JSON functions in versions 1.15.0+ and LIKE expressions with ESCAPE clauses in versions 1.17.0+, where user-controlled strings are interpolated into generated Java code without proper escaping. Apache has released patches in versions 1.20.4, 2.0.2, 2.1.2 and 2.2.1.

Java RCE Apache Code Injection
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-4094 HIGH This Week

Authenticated attackers with Contributor-level access can delete entire multi-currency configurations in FOX Currency Switcher Professional for WooCommerce by visiting any wp-admin page with a specific parameter, and the lack of nonce verification allows CSRF-based exploitation against administrators. Confirmed actively exploited (CISA KEV). CVSS 8.1 reflects high integrity and availability impact, with EPSS data unavailable. WordPress plugin affects versions ≤1.4.5, with patch released in version 1.4.6 per Wordfence advisory. The dual attack vectors (direct authenticated abuse and CSRF) significantly increase real-world risk for WooCommerce installations using this currency management plugin.

Authentication Bypass CSRF WordPress
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-46407 HIGH PATCH This Week

Authenticated administrators in Vvveb CMS versions before 1.0.8.3 can access REST API tokens of other administrators through the admin/auth-token endpoint by manipulating the admin_id parameter. This authorization bypass allows lateral privilege escalation between admin accounts, potentially compromising all administrative API operations. The vulnerability requires low-privileged authenticated access and has been patched in version 1.0.8.3.

Authentication Bypass Vvveb
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45574 HIGH PATCH GHSA This Week

Missing TLS certificate validation in epa4all-client allows adjacent network attackers to intercept SOAP traffic between ePA services and Konnektor systems. The vulnerability affects versions prior to 1.2.2 and enables man-in-the-middle attacks using self-signed, expired, or otherwise invalid certificates to access patient identifiers (KVNR), SMC-B card operations, document content, and credential exchanges. No public exploit identified at time of analysis, with CVSS 8.1 indicating high impact on adjacent network segments.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-41702 HIGH PATCH This Week

Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered.

VMware Privilege Escalation
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-46359 HIGH PATCH GHSA This Week

SQL injection in phpMyFAQ prior to 4.1.2 allows attackers authenticating through Azure AD/Entra ID OAuth to execute arbitrary database queries by embedding SQL metacharacters in their identity provider display name or JWT claims. The CurrentUser::setTokenData() method interpolates OAuth token fields into an UPDATE statement via sprintf without calling the database escape routine, while sibling methods in the same file correctly escape input. Publicly available exploit code exists per VulnCheck and the GHSA advisory, though EPSS is low (0.03%, 9th percentile) and the issue is not in CISA KEV.

Microsoft SQLi
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-44692 HIGH PATCH GHSA This Week

Authenticated users in Sharp (a Laravel admin framework) can bypass authorization to download arbitrary files from any configured Laravel Storage disk through the generic download endpoint. The vulnerability allows authenticated users with view access to any single Sharp entity to download unrelated files including backups, invoices, internal documents, and tenant-specific data by manipulating the disk and path parameters. Sharp v9.22.0 fixes this by implementing signed URLs that prevent parameter tampering.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45715 HIGH PATCH GHSA This Week

Budibase's REST datasource integration before version 3.38.1 bypasses IP blacklist security controls through HTTP redirect following. Authenticated Builder-level users can exploit this to access cloud metadata services and internal databases by redirecting requests through attacker-controlled servers, potentially stealing AWS/GCP/Azure credentials. This vulnerability class was previously fixed in automation steps but the REST integration was overlooked, creating an inconsistent security posture.

Redis Python SSRF Microsoft
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-45548 HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in Budibase's AI Extract File automation step allows authenticated users with builder permissions to bypass IP blacklist protections and access internal resources. The vulnerability exists because the processUrlFile function uses fetch() directly without the fetchWithBlacklist() validation that protects all other automation steps, enabling attacks on cloud metadata endpoints (169.254.169.254), internal APIs, and private networks. Fixed in version 3.34.8.

SSRF Microsoft
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-46408 HIGH PATCH This Week

Vvveb CMS versions before 1.0.8.3 allow authenticated users to hijack other users' shopping carts during checkout. The checkout endpoint fails to verify cart ownership when processing a user-supplied cart_id parameter, enabling attackers to access and potentially complete purchases using another user's cart contents. This vulnerability has been patched in version 1.0.8.3.

Authentication Bypass Vvveb
NVD GitHub
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39054 HIGH This Week

Command injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to execute arbitrary OS commands through the CommandHelper.executeCommands method. The vulnerability stems from unsanitized command strings being passed directly to a shell process's standard input. With an EPSS score indicating moderate exploitation likelihood and SSVC assessment showing automatable attacks with total technical impact, this represents a significant risk despite no current KEV listing or confirmed active exploitation.

Command Injection
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
1.3%
CVE-2026-6403 HIGH This Week

Remote unauthenticated attackers can exploit a path traversal vulnerability in Quick Playground plugin for WordPress (versions ≤1.3.3) to exfiltrate sensitive server files including wp-config.php credentials. The flaw in the qckply_zip_theme() function allows arbitrary filesystem traversal via an unsanitized 'stylesheet' parameter, triggering creation of downloadable ZIP archives containing any server-accessible files. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicating trivial remote exploitation requiring no authentication, this represents an immediate confidentiality risk for all sites running affected versions, though no CISA KEV listing or public exploit code has been identified at time of analysis.

WordPress Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-38728 HIGH PATCH GHSA This Week

Memory exhaustion vulnerability in Nodemailer smtp-server before v3.18.3 enables remote denial of service attacks through unbounded command line processing. The vulnerability allows unauthenticated attackers to crash SMTP services by sending oversized commands that exhaust server memory. Public exploit code exists and the issue is rated as highly automatable by CISA SSVC framework, though not yet listed in CISA KEV.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40092 HIGH PATCH GHSA This Week

Remote denial-of-service vulnerability in Nimiq full nodes allows unauthenticated attackers to crash nodes by publishing malformed Kademlia DHT records with incorrect Ed25519 signature lengths. The vulnerability triggers a panic in the Ed25519 signature verification code when processing DHT records with signatures not exactly 64 bytes. Vendor-released patch: v1.4.0.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44716 HIGH PATCH GHSA This Week

{filename:path} endpoint fails to validate paths containing %2F-encoded directory separators, bypassing Starlette's URL normalization. Fixed in version 1.2.0 with no public exploit identified at time of analysis.

Path Traversal Python SSH
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-44826 HIGH PATCH This Week

Negative quantity manipulation in Vvveb CMS versions before 1.0.8.2 allows unauthenticated remote attackers to create orders with negative totals, potentially defrauding merchants. The cart-add endpoint accepts negative quantity values that propagate through the entire order flow, creating legitimate-looking orders where the merchant appears to owe money to the customer. Fixed in version 1.0.8.2.

Information Disclosure Vvveb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46474 HIGH PATCH This Week

Insufficient entropy in Trog::TOTP for Perl (versions before 1.006) allows remote attackers to predict TOTP secrets generated using Perl's built-in rand() function, undermining the security of two-factor authentication tokens issued by applications relying on this module. The flaw was reported by CPANSec and a fixed release (1.006) is available on CPAN. No public exploit identified at time of analysis, and the EPSS score is very low (0.02%).

Information Disclosure Trog
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45736 HIGH PATCH GHSA This Week

Uninitialized memory disclosure in the ws WebSocket library for Node.js (versions 8.0.0 through 8.20.0) allows a connected peer to receive leaked process memory when an application calls websocket.close() with a TypedArray as the reason argument. Because the close-frame reason buffer is not zero-initialized, fragments of adjacent heap memory - potentially containing secrets, tokens, or other clients' data - are transmitted over the wire. No public exploit is identified at time of analysis (SSVC lists POC-class maturity but EPSS is only 0.01%), and the issue is fixed in ws 8.20.1.

Node.js Information Disclosure Ws
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45539 HIGH PATCH GHSA This Week

Symbolic link following vulnerability in Microsoft APM dependency manager versions 0.5.4 to 0.12.4 allows remote attackers to read arbitrary files from the victim's system through malicious dependencies. The vulnerability occurs when APM processes symlinks in remote dependencies, following them to read local files and potentially exposing sensitive data that gets staged in git repositories. No public exploit identified at time of analysis.

Information Disclosure Microsoft
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-45575 HIGH PATCH GHSA This Week

Authentication bypass in epa4all-client allows MITM attackers positioned within the TI (Telematikinfrastruktur) network to capture SMC-B-signed authentication material by substituting a forged OIDC discovery document. The vulnerability affects all versions prior to 1.2.2 and requires the attacker to intercept TLS connections between the client and Identity Provider. No public exploit identified at time of analysis.

Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-45364 HIGH PATCH GHSA This Week

Rate limiter bypass in better-auth versions < 1.4.17 allows attackers to defeat authentication attempt limits by rotating through IPv6 addresses within their allocated /64 prefix or using different textual representations of the same address. The vulnerability affects authentication endpoints including sign-in, sign-up, and password reset when serving IPv6 clients, which includes most cloud providers by default. No public exploit identified at time of analysis.

Google Canonical Authentication Bypass
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-54518 HIGH PATCH This Week

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Privilege Escalation Amd Epyc 7002 Series Processors Amd Ryzen 4000 Series Mobile Processors With Radeon Graphics Amd Ryzen 7020 Series Processors With Radeon Graphics Amd Ryzen 3000 Series Desktop Processors +8
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-8700 HIGH PATCH This Week

Cryptographic weakness in Crypt::DSA for Perl versions before 1.20 allows remote attackers to predict DSA key material because seeds are generated with Perl's built-in rand() function instead of a cryptographically secure random source. Any DSA keys, signatures, or nonces produced by affected versions may be recoverable through brute-force or statistical analysis of the predictable PRNG state. No public exploit identified at time of analysis, and EPSS probability is negligible (0.01%), but the cryptographic primitive failure means all keys generated by vulnerable versions should be considered untrusted.

Information Disclosure
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-46362 HIGH PATCH This Week

Authorization bypass in phpMyFAQ versions prior to 4.1.2 allows any authenticated administrative user to access all permission-protected admin pages, regardless of their assigned privileges. The flaw resides in AbstractAdministrationController::userHasPermission() which sends a forbidden response but fails to terminate execution, leaking admin logs, user data, system information, and configuration. Publicly available exploit details exist via the GHSA advisory, though EPSS exploitation probability remains very low at 0.04%.

Authentication Bypass Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45037 HIGH PATCH This Week

Tabby terminal emulator before version 1.0.232 automatically renders malicious URIs from SSH/Telnet servers as clickable links without validating the protocol scheme, allowing attackers to trigger arbitrary OS protocol handlers when users click these links. The vulnerability requires user interaction (clicking the malicious link) and affects all platforms where Tabby runs. EPSS data unavailable, not currently in CISA KEV, indicating no confirmed active exploitation at this time.

Information Disclosure Tabby
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-29938 HIGH This Week

Arbitrary code execution and denial of service in AMD Platform Management Framework (PMF) affects Ryzen 7035, 7040, 8040 mobile processors and Ryzen Embedded 8000 series. A local authenticated attacker exploiting an unchecked return value vulnerability can write to arbitrary memory locations, potentially escalating privileges from low to high integrity across system boundaries. The CVSS 4.0 score of 7.1 reflects local attack vector with low complexity but requires specific attack timing conditions (AT:P), though the cross-scope impact (S:H) and high confidentiality/integrity impact to subsequent systems elevate real-world risk for enterprise environments with AMD mobile processors.

Denial Of Service Amd RCE
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2023-31316 HIGH This Week

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the. Rated high severity (CVSS 7.1). No vendor patch available.

Information Disclosure Amd
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45008 HIGH PATCH This Week

Arbitrary directory deletion in phpMyFAQ before 4.1.2 allows authenticated admins with the INSTANCE_DELETE permission to recursively delete directories outside the multisite clientFolder by submitting path traversal sequences in the client URL parameter. The flaw stems from Client::deleteClientFolder() stripping only the https:// scheme without canonicalizing or validating ../ segments before passing the path to Filesystem::deleteDirectory(). Publicly available exploit code exists (VulnCheck advisory and GHSA write-up include a PoC), though EPSS remains low at 0.04% and the issue is not listed in CISA KEV.

Path Traversal Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-45036 HIGH PATCH This Week

Local code execution in Tabby terminal emulator versions before 1.0.233 occurs when users view attacker-controlled files containing ZMODEM protocol headers. The vulnerability exploits automatic ZMODEM detection that injects commands into the user's shell when displaying malicious content with common commands like 'cat'. Real-world risk is moderate (EPSS data not provided) as it requires local access and user interaction, but enables code execution without explicit user consent beyond viewing a file.

Command Injection RCE Tabby
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48512 HIGH This Week

Privilege escalation in AMD GPIO controller driver for Windows allows authenticated local users with low privileges to execute arbitrary code with elevated rights via insecure directory permissions. Affects nearly the entire AMD processor portfolio from Ryzen 3000-series through latest EPYC 9005 and Ryzen AI 300. AMD has released patched chipset drivers (version 7.04.09.545 for most desktop/mobile products, 8.03.16.641 for server platforms) addressing the vulnerability. EPSS score and KEV status not provided in source data, but the local attack vector and user interaction requirement limit remote exploitation risk despite the 7.0 CVSS score.

Privilege Escalation Amd RCE
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-36333 HIGH This Week

A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2024-36334 HIGH This Week

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack RCE
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-48513 MEDIUM This Month

Uninitialized kernel memory within AMD's Platform Management Framework (PMF) can be read by local authenticated attackers, resulting in information disclosure or availability impact. This affects AMD Ryzen processors across multiple generations (6000, 7035, 7040, 8040 series and Z1/Embedded 8000) where PMF is present. The vulnerability requires local access and authenticated user privileges but does not require user interaction, making it exploitable by any local user with login credentials.

Amd Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-48520 MEDIUM This Month

Improper input validation in the AMD Platform Management Framework (PMF) driver allows local authenticated attackers to read out-of-bounds memory, resulting in information disclosure or denial of service. The vulnerability affects multiple Ryzen processor families (7035, 7040, 8040, 6000 series, and Embedded 8000) and requires local access with limited privileges to exploit.

Information Disclosure Buffer Overflow Amd
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-0045 MEDIUM This Month

Buffer overflow in the AMD Secure Processor (ASP) PCI driver affects dozens of AMD Ryzen, EPYC, and Threadripper processor families across desktop, mobile, and embedded variants. Local attackers with user-level privileges can trigger improper input validation in the driver to cause a crash or denial of service, with potential for integrity impact. The vulnerability requires local access and authenticated user privileges; no active exploitation in the wild has been confirmed, and vendor-released patches are available.

Denial Of Service Amd Buffer Overflow
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-48521 MEDIUM This Month

Use-After-Free vulnerability in the AMD Secure Processor (ASP) PCI driver affects multiple Ryzen, Threadripper, EPYC, and Athlon processor families due to improper input validation. A local attacker with user-level privileges can trigger the UAF condition, resulting in denial of service via platform crash or potential loss of platform integrity. Vendor-released patch: AMD Ryzen Chipset Driver 7.02.13.148 (or equivalent Catalyst driver versions for embedded SKUs). No public exploit identified at time of analysis.

Denial Of Service Amd Use After Free Memory Corruption
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-48516 MEDIUM This Month

DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrated Circuit) interface configuration that allows local users with standard privileges to cause permanent denial of service or corrupt memory module integrity via unprotected firmware access. The vulnerability affects Ryzen 4000, 7000, 7020, 7030, 7035, 7040, 7045 series processors and Threadripper Pro 3000 WX-series, requiring local system access but no special privileges or user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Denial Of Service Amd Ryzen 4000 Series Mobile Processors With Radeon Graphics Amd Ryzen 7035 Series Processors With Radeon Graphics Amd Athlon 3000 Series Mobile Processors With Radeon Graphics +30
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-36332 MEDIUM This Month

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Amd Radeon Pro V710
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-29944 MEDIUM This Month

Buffer overflow in AMD Sensor Fusion Hub Driver allows local authenticated attackers to write out of bounds, causing denial of service or system crash. The vulnerability affects multiple Ryzen processor families (4000, 5000, 7000, 7020, 7030, 7035, 7040 series and Ryzen AI 300 series) with Radeon integrated graphics across Windows mobile and desktop platforms. No active exploitation has been confirmed at time of analysis.

Denial Of Service Amd Buffer Overflow
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2023-31309 MEDIUM This Month

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Amd Radeon Rx 6000 Series Graphics Products Amd Radeon Pro W6000 Series Graphics Products Amd Radeon Pro V520 Amd Radeon Pro V620
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-41970 MEDIUM This Month

Out-of-bounds write in Huawei HarmonyOS and EMUI distributed file system module allows authenticated local attackers to corrupt memory, potentially affecting system availability and integrity. CVSS 6.8 reflects adjacent network access requirement and low attack complexity, but exploitation requires prior authentication and local network presence. No public exploit code or active exploitation confirmed at time of analysis.

Memory Corruption Buffer Overflow Emui
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-4683 MEDIUM This Month

Unauthenticated attackers can modify Smartcat API credentials in the Smartcat Translator for WPML plugin through a missing capability check on the 'routeData' REST endpoint, allowing hijacking of translation services or denial of service. All versions through 3.1.77 are affected. The vulnerability requires only network access and no user interaction, making it remotely exploitable by any unauthenticated actor against default WordPress configurations running the vulnerable plugin.

Authentication Bypass Denial Of Service WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-39053 MEDIUM This Month

XML External Entity (XXE) injection in Oinone Pamirs 7.0.0 allows remote unauthenticated attackers to disclose local files or perform Server-Side Request Forgery (SSRF) attacks via malicious XML input to unsafe XStream parsing entry points (PamirsXmlUtils.fromXML, ViewXmlUtils.fromXML). The vulnerability has network attack vector with low complexity (CVSS:3.1 AV:N/AC:L/PR:N) and is automatable per SSVC framework, though no active exploitation or public POC has been confirmed at time of analysis. EPSS data not available; CISA KEV status: not listed.

XXE SSRF
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy