Skip to main content

CWE-701

Weaknesses Introduced During Design

8 CVEs Avg CVSS 5.5 MITRE
0
CRITICAL
0
HIGH
8
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-58557 MEDIUM This Month

Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2026-41979 MEDIUM This Month

Permission control failure in the HarmonyOS print module allows a local attacker - without requiring elevated privileges - to compromise system integrity through user-triggered interaction. The vulnerability resides in Huawei's HarmonyOS, disclosed via the June 2026 Huawei Security Bulletin, and carries a CVSS 5.5 (Medium) rating. No public exploit code has been identified at time of analysis, and it does not appear in the CISA KEV catalog, though the high integrity impact warrants attention in enterprise HarmonyOS deployments.

Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41975 MEDIUM This Month

Permission management bypass in HarmonyOS's network management module allows a locally present, low-privileged attacker - with user interaction - to read sensitive network data (C:H) and disrupt service availability (A:H) under high-complexity conditions. The CVSS 6.3 Medium score reflects meaningful impact tempered by stringent prerequisites: local access, an authenticated account, required victim interaction, and high attack complexity. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the confidentiality and availability impacts warrant patching per Huawei's June 2026 security bulletin.

Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-57962 MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-52954 MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-8298 MEDIUM This Month

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-42030 MEDIUM This Month

Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2023-6791 MEDIUM This Month

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
0.6%
EPSS 0% CVSS 4.8
MEDIUM This Month

Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Permission control failure in the HarmonyOS print module allows a local attacker - without requiring elevated privileges - to compromise system integrity through user-triggered interaction. The vulnerability resides in Huawei's HarmonyOS, disclosed via the June 2026 Huawei Security Bulletin, and carries a CVSS 5.5 (Medium) rating. No public exploit code has been identified at time of analysis, and it does not appear in the CISA KEV catalog, though the high integrity impact warrants attention in enterprise HarmonyOS deployments.

Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Permission management bypass in HarmonyOS's network management module allows a locally present, low-privileged attacker - with user interaction - to read sensitive network data (C:H) and disrupt service availability (A:H) under high-complexity conditions. The CVSS 6.3 Medium score reflects meaningful impact tempered by stringent prerequisites: local access, an authenticated account, required victim interaction, and high attack complexity. No public exploit identified at time of analysis, and no CISA KEV listing exists, but the confidentiality and availability impacts warrant patching per Huawei's June 2026 security bulletin.

Information Disclosure
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy