Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10192
Total
692
Critical
2939
High
3205
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-0044 | UNKNOWN | — | An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and … | May 15, 2026 |
| CVE-2025-0040 | UNKNOWN | — | Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or … | May 15, 2026 |
| CVE-2025-0028 | UNKNOWN | — | An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in … | May 15, 2026 |
| CVE-2024-36332 | UNKNOWN | — | Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim … | May 15, 2026 |
| CVE-2024-21962 | UNKNOWN | — | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and … | May 15, 2026 |
| CVE-2023-31317 | UNKNOWN | — | Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write … | May 15, 2026 |
| CVE-2023-31316 | UNKNOWN | — | Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability … | May 15, 2026 |
| CVE-2023-31309 | UNKNOWN | — | Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to … | May 15, 2026 |
| CVE-2022-23826 | UNKNOWN | — | A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a … | May 15, 2026 |
| CVE-2021-26380 | UNKNOWN | — | A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of … | May 15, 2026 |
| CVE-2026-8612 | MEDIUM | 5.3 | WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit … | May 15, 2026 |
| CVE-2026-0438 | UNKNOWN | — | A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction … | May 15, 2026 |
| CVE-2026-0432 | UNKNOWN | — | Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution. | May 15, 2026 |
| CVE-2025-52540 | UNKNOWN | — | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege … | May 15, 2026 |
| CVE-2025-48521 | UNKNOWN | — | Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in … | May 15, 2026 |
| CVE-2025-48520 | UNKNOWN | — | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information … | May 15, 2026 |
| CVE-2025-48519 | UNKNOWN | — | An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting … | May 15, 2026 |
| CVE-2025-48512 | UNKNOWN | — | Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary … | May 15, 2026 |
| CVE-2025-0045 | UNKNOWN | — | Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in … | May 15, 2026 |
| CVE-2024-36345 | UNKNOWN | — | Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting … | May 15, 2026 |
| CVE-2026-6811 | MEDIUM | 5.9 | Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of … | May 14, 2026 |
| CVE-2026-45248 | MEDIUM | 5.3 | Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can … | May 14, 2026 |
| CVE-2026-44671 | HIGH | 7.5 | ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, … | May 14, 2026 |
| CVE-2026-44428 | UNKNOWN | — | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and … | May 14, 2026 |
| CVE-2026-44427 | UNKNOWN | — | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware … | May 14, 2026 |