Cleo Harmony < 5.8.0.24 - File Upload Vulnerability

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. id: CVE-2024-55956 info: name: Cleo Harmony...

Cleo Harmony < 5.8.0.21 - Arbitary File Read

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. id: CVE-2024-50623 info: name: Cleo Harmony 5.8.0.21 - Arbitary File Read author: DhiyaneshDK severity: high...

CVE-2026-33565

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

Malicious code in harmony-enablers-test-2026 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 521750de73af036add5d962dbfcb9433e4ca0dff123313be9e4d30d0893edac4 On npm install, the package.json preinstall hook runs node telemetry.js, which performs a DNS lookup against test-callback.d87u1z3.oast.live — an...

MAL-2026-4251 Malicious code in harmony-enablers-test-2026 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 521750de73af036add5d962dbfcb9433e4ca0dff123313be9e4d30d0893edac4 On npm install, the package.json preinstall hook runs node telemetry.js, which performs a DNS lookup against test-callback.d87u1z3.oast.live — an...

CVE-2026-24792

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVE-2026-33565 kernel_linux_common_modules has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVE-2026-28733

The CVE-2026-28733 entry concerns a use-after-free vulnerability in the OpenHarmony filemanagement_storage_service affecting OpenHarmony v6.0 and earlier. The weakness enables a local attacker to achieve arbitrary code execution, as described in the CVE entry. The provided metrics indicate a medi...

EUVD-2026-30834

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

CVE-2026-27766

Technical details about CVE-2026-27766 are not publicly available in the provided documents. Monitor for updates from OpenHarmony security disclosures and the CVE record.

CVE-2026-27781 kernel_liteos_a has an integer overflow vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVE-2026-27781

CVE-2026-27781 affects OpenHarmony v6.0 and earlier, targeting the kernel_liteos_a component. The connected data indicate an integer overflow vulnerability that can be exploited by a local attacker to cause a denial of service . The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) and base ...

CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVE-2026-25110

CVE-2026-25110 affects OpenHarmony v6.0 and earlier, where the Sensors_medical_sensor contains a NULL pointer dereference vulnerability that can be triggered locally to cause a denial of service. The description indicates a local attacker can induce a crash/DOS, but the connected documents do not...

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...

Huawei EMUI和Huawei HarmonyOS 缓冲区错误漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...

MAL-2026-2689 Malicious code in @pnc-ref/harmony-core-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9af3593ce67756288a2b5c3d0b337f86b5dc510085895bc2d8f76629a79a350 The package @pnc-ref/harmony-core-v18 was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pnc-ref/harmony-support-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...

Malicious code in @pnc-ref/harmony-core-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9af3593ce67756288a2b5c3d0b337f86b5dc510085895bc2d8f76629a79a350 The package @pnc-ref/harmony-core-v18 was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2690 Malicious code in @pnc-ref/harmony-support-v18 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3c6a47dfcf980f2cd22ec066b1f85f003d7001a45e28ee6a5541e4b18e5edc5 The package @pnc-ref/harmony-support-v18 was found to contain malicious code. Source: ghsa-malware...