Amd

Vendor security scorecard – 3 CVEs in the selected period

Period: 30d 90d 6m 1y All

Risk 12

3

CVEs

0

Critical

3

High

0

KEV

0

PoC

2

Unpatched C/H

33.3%

Patch Rate

0.0%

Avg EPSS

Severity Breakdown

CRITICAL

0

HIGH

3

MEDIUM

0

LOW

0

Monthly CVE Trend

Affected Products (14)

Linux Kernel 56 Null Pointer Dereference 17 Debian Linux 12 Memory Corruption 7 Uprof 5 Integer Overflow 3 Use After Free 2 Jwt Attack 1 Poweredge R7425 Firmware 1 Poweredge R7415 Firmware 1 Node.js 1 Windows 1 Race Condition 1 Poweredge R6415 Firmware 1

Top Risky CVEs

CVE	Summary	Severity	CVSS	EPSS	Priority	Signals
CVE-2026-33941	The Handlebars npm package precompiler (bin/handlebars) allows arbitrary JavaScript injection through unsanitized string concatenation in four distinct code paths: template filenames, namespace option (-n), CommonJS path option (-c), and AMD path option (-h). Attackers who can control template filenames or CLI arguments can inject code that executes when the generated JavaScript bundle is loaded in Node.js or browser environments. Publicly available exploit code exists with multiple proof-of-concept vectors demonstrated, including file system manipulation via require('fs'). CVSS 8.3 reflects local attack vector requiring low privileges and user interaction, with changed scope allowing high confidentiality, integrity, and availability impact.	HIGH	8.2	0.0%	41
CVE-2026-33697	Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.	HIGH	7.5	0.0%	38	No patch
CVE-2025-54601	Race condition in Samsung Exynos Wi-Fi drivers enables local privilege escalation to kernel execution via double-free memory corruption. Affects 11 mobile and wearable processors (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000). Local attackers with low privileges can trigger memory corruption by racing ioctl calls across threads, achieving high confidentiality, integrity, and availability impact. EPSS score of 0.02% (5th percentile) suggests minimal real-world exploitation likelihood despite CVSS 7.0 severity. No public exploit identified at time of analysis.	HIGH	7.0	0.0%	35	No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy