Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS.This issue affects Canva – Design beautiful blog graphics: from n/a through...
7.1CVSS
7.4AI Score
0.0004EPSS
The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
6.2AI Score
0.0004EPSS
Improper Access Control in the AMD SPI protection feature may allow a user with Ring0 (kernel mode) privileged access to bypass protections potentially resulting in loss of integrity and...
7.3AI Score
0.0004EPSS
Improper input validation in the AMD RadeonTM Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of...
7.5CVSS
7.3AI Score
0.0005EPSS
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code...
9.8CVSS
8AI Score
0.001EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of...
5.7CVSS
5.3AI Score
0.0005EPSS
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code...
6.7CVSS
7.7AI Score
0.0004EPSS
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code...
6.7CVSS
7.7AI Score
0.0004EPSS
Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege...
8.1CVSS
7.5AI Score
0.001EPSS
Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code...
9.8CVSS
7.8AI Score
0.001EPSS
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of...
5.5CVSS
7.3AI Score
0.0004EPSS
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and...
6.1CVSS
7.2AI Score
0.0004EPSS
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...
9.8CVSS
7.4AI Score
0.013EPSS
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code...
7.8CVSS
7AI Score
0.0004EPSS
7.8CVSS
7.3AI Score
0.001EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
5.5CVSS
5AI Score
0.0004EPSS
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...
4.4CVSS
5.1AI Score
0.0004EPSS
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a...
4.4CVSS
5.1AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
7.1CVSS
6.6AI Score
0.001EPSS
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...
5.5CVSS
5.4AI Score
0.001EPSS
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...
6.8CVSS
6.7AI Score
0.001EPSS
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...
4.7CVSS
6.6AI Score
0.0004EPSS
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...
7.8CVSS
7.8AI Score
0.0004EPSS
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive...
5.5CVSS
6.7AI Score
0.001EPSS
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and...
9.1CVSS
8.8AI Score
0.001EPSS
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...
7.5CVSS
7.9AI Score
0.0005EPSS
Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code...
8.8CVSS
8.8AI Score
0.001EPSS
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of...
7.5CVSS
7.7AI Score
0.0005EPSS
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a...
6.1CVSS
6.5AI Score
0.001EPSS
Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of...
9.1CVSS
9.1AI Score
0.0005EPSS
Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of...
5.9CVSS
6.4AI Score
0.0005EPSS
Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of...
7.5CVSS
8.4AI Score
0.0005EPSS
Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...
5.5CVSS
7.2AI Score
0.0004EPSS
Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...
8.2CVSS
8.6AI Score
0.0005EPSS
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...
7.5CVSS
7.9AI Score
0.0005EPSS
Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of...
7.5CVSS
8.5AI Score
0.0004EPSS
Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...
9.1CVSS
9AI Score
0.001EPSS
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...
5.5CVSS
7.2AI Score
0.0004EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
5.2AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
5.2AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.7AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists.....
7.8CVSS
7.8AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
5.2AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw....
5.5CVSS
5.2AI Score
0.001EPSS
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version...
7.5CVSS
7.4AI Score
0.009EPSS