Skip to main content

Harmonyos

742 CVEs product

Monthly

CVE-2026-58557 MEDIUM This Month

Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.8
CVE-2026-58554 MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.6
CVE-2026-58555 MEDIUM This Month

Permission bypass in the HarmonyOS card module allows a local, unprivileged user - with required user interaction - to circumvent access controls, resulting in high availability impact alongside limited confidentiality and integrity exposure. The vulnerability affects Huawei HarmonyOS across all tracked versions per CPE data and is documented in Huawei's July 2026 security bulletin. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk constrained to local attack scenarios.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.6
CVE-2026-58553 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
CVE-2026-58552 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
CVE-2026-58551 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.1
CVE-2026-58550 MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
CVE-2026-58549 MEDIUM This Month

Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
CVE-2026-28551 MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-28549 MEDIUM This Month

Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-28548 HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28547 MEDIUM This Month

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-28546 MEDIUM This Month

Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28542 HIGH This Week

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-28552 MEDIUM This Month

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28550 MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28545 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28544 MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28543 MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-28541 MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28540 MEDIUM This Month

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-28539 MEDIUM This Month

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28538 MEDIUM This Month

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Path Traversal Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-28537 MEDIUM This Month

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-28536 CRITICAL Act Now

Auth bypass in device authentication module.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-24928 MEDIUM This Month

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24927 MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24924 MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24920 MEDIUM This Month

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-24931 MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24930 HIGH This Week

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Industrial Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24929 MEDIUM This Month

Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Industrial Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24926 HIGH This Week

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-24925 HIGH This Week

Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Buffer Overflow Heap Overflow Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24923 MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-24922 MEDIUM This Month

Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]

Buffer Overflow Harmonyos
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-24921 MEDIUM This Month

Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-24919 MEDIUM This Month

Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-24918 MEDIUM This Month

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Denial Of Service Harmonyos Emui
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-24917 MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24916 MEDIUM This Month

Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24915 MEDIUM This Month

Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-24914 MEDIUM This Month

Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Use After Free Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-68970 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]

Code Injection Emui Harmonyos
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-68969 MEDIUM This Month

Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-68968 HIGH This Week

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. [CVSS 7.8 HIGH]

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68967 MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 5.7).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-68966 MEDIUM This Month

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.1 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-68965 MEDIUM This Month

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.7 MEDIUM]

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-68964 MEDIUM This Month

Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Code Injection Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-68963 MEDIUM This Month

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-68962 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-68961 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-68960 HIGH This Week

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Race Condition Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-68959 MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-68958 HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-68957 HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Race Condition Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-68956 HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-68955 HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-66330 MEDIUM This Month

App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-66328 HIGH This Week

Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-66327 HIGH This Week

Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-66325 MEDIUM This Month

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege Escalation Harmonyos Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58279 MEDIUM This Month

Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-66326 MEDIUM This Month

Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.

Use After Free Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-66324 HIGH This Week

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-66323 MEDIUM This Month

CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66322 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66321 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66320 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-64312 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-58311 MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-58308 HIGH This Week

Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58305 MEDIUM This Month

Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58304 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-58302 HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-64315 MEDIUM This Month

Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-64314 CRITICAL Act Now

Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-64313 MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64311 MEDIUM This Month

Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-58316 HIGH This Week

DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-58315 MEDIUM This Month

Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58314 MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-58312 MEDIUM This Month

Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-58310 HIGH This Week

Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-58309 MEDIUM This Month

Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-58307 MEDIUM This Month

UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Harmonyos
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-58303 HIGH This Week

UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58294 MEDIUM This Month

Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58313 MEDIUM This Month

Race condition vulnerability in the device standby module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVSS 4.8
MEDIUM This Month

Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.

Information Disclosure Harmonyos
NVD
CVSS 6.6
MEDIUM This Month

Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Harmonyos Emui
NVD
CVSS 6.6
MEDIUM This Month

Permission bypass in the HarmonyOS card module allows a local, unprivileged user - with required user interaction - to circumvent access controls, resulting in high availability impact alongside limited confidentiality and integrity exposure. The vulnerability affects Huawei HarmonyOS across all tracked versions per CPE data and is documented in Huawei's July 2026 security bulletin. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk constrained to local attack scenarios.

Privilege Escalation Harmonyos
NVD
CVSS 4.0
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.

Buffer Overflow Harmonyos
NVD
CVSS 5.1
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.

Buffer Overflow Harmonyos
NVD
CVSS 5.1
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
CVSS 4.0
MEDIUM This Month

Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.

Buffer Overflow Harmonyos
NVD
CVSS 4.0
MEDIUM This Month

Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Authentication Bypass Emui Harmonyos
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]

Industrial Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Path Traversal Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Auth bypass in device authentication module.

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]

Buffer Overflow Harmonyos Emui
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Industrial Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]

Industrial Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]

Buffer Overflow Heap Overflow Harmonyos
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]

Buffer Overflow Harmonyos
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]

Buffer Overflow Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]

Buffer Overflow Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Denial Of Service Harmonyos Emui
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]

Use After Free Emui Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]

Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]

Buffer Overflow Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]

Use After Free Harmonyos
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]

Code Injection Emui Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. [CVSS 7.8 HIGH]

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 5.7).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.1 MEDIUM]

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.7 MEDIUM]

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Code Injection Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]

Information Disclosure Harmonyos Emui
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Privilege Escalation Harmonyos Emui
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.

Use After Free Memory Corruption Information Disclosure +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Harmonyos
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.3
HIGH This Week

DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Information Disclosure Use After Free +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Race condition vulnerability in the device standby module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy