Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10192
Total
692
Critical
2939
High
3205
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-43490 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the … | May 15, 2026 |
| CVE-2026-28761 | HIGH | 8.1 | Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in … | May 15, 2026 |
| CVE-2026-24662 | MEDIUM | 5.4 | Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary … | May 15, 2026 |
| CVE-2026-0481 | UNKNOWN | — | Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, … | May 15, 2026 |
| CVE-2025-54518 | UNKNOWN | — | Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different … | May 15, 2026 |
| CVE-2025-52532 | UNKNOWN | — | A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could … | May 15, 2026 |
| CVE-2024-36334 | UNKNOWN | — | Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated … | May 15, 2026 |
| CVE-2024-36333 | UNKNOWN | — | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | May 15, 2026 |
| CVE-2024-36323 | UNKNOWN | — | Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register … | May 15, 2026 |
| CVE-2024-21950 | UNKNOWN | — | An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds … | May 15, 2026 |
| CVE-2026-7373 | UNKNOWN | — | Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup … | May 15, 2026 |
| CVE-2026-2652 | HIGH | 8.6 | A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) … | May 15, 2026 |
| CVE-2026-0428 | UNKNOWN | — | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially … | May 15, 2026 |
| CVE-2026-0427 | UNKNOWN | — | Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources … | May 15, 2026 |
| CVE-2025-66664 | UNKNOWN | — | Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds … | May 15, 2026 |
| CVE-2025-66660 | UNKNOWN | — | Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in … | May 15, 2026 |
| CVE-2025-54517 | UNKNOWN | — | Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. | May 15, 2026 |
| CVE-2025-54511 | UNKNOWN | — | Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient … | May 15, 2026 |
| CVE-2025-48516 | UNKNOWN | — | Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC … | May 15, 2026 |
| CVE-2025-48513 | UNKNOWN | — | Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of … | May 15, 2026 |
| CVE-2025-29944 | UNKNOWN | — | A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of … | May 15, 2026 |
| CVE-2025-29938 | UNKNOWN | — | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial … | May 15, 2026 |
| CVE-2025-29937 | UNKNOWN | — | An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location … | May 15, 2026 |
| CVE-2025-29936 | UNKNOWN | — | Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or … | May 15, 2026 |
| CVE-2025-29935 | UNKNOWN | — | An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level … | May 15, 2026 |