ROS-20260529-73-0013

The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise storage platforms relates to the disclosure of information during data transmission. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVE-2026-40823 Authenticated SQLi in DevSerialReset function

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

CVE-2024-36343

CVE-2024-36343 describes improper input validation in the System Management Mode (SMM) communications buffer, enabling a privileged attacker to perform an out-of-bounds read or write in a limited portion of the Top of Memory Segment (TSEG) on AMD platforms. The issue can impact confidentiality an...

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

CVE-2026-0427

CVE-2026-0427 is tied to AMD GPU firmware: improper cleanup of shared register resources could allow an admin-privileged attacker in one Guest VM to access shared resources from another Guest VM. The vulnerability targets the GPU firmware’s handling of shared register space, enabling potential lo...

EUVD-2025-209878

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2022-23826

A TOCTOU Time-Of-Check to Time-Of-Use in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity...

CVE-2022-23826

A TOCTOU Time-Of-Check to Time-Of-Use in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity...

CVE-2021-26380

A compromised Trusted OS TOS driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity...

EUVD-2026-30496

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

AMD Graphics Driver 输入验证错误漏洞

The AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. The AMD Graphics Driver has a vulnerability related to input validation errors. This vulnerability arises from the possibility of abnormal calls being made by the driver, which may lead to...

AMD多款产品 安全漏洞

The AMD Instinct MI210 and AMD Instinct MI250 are both GPU acceleration cards developed by American semiconductor company AMD. Several AMD products have security vulnerabilities. These vulnerabilities stem from improper handling of insufficient permissions, which may allow attackers to provide...

PT-2026-41247

An out of bounds write within the AMD Platform Management Framework PMF could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability...

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

CVE-2026-22924

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

EUVD-2026-29364

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

D-Link M60 License Issue Vulnerability

The D-Link M60 is a wireless routing device from China-based D-Link. An authorization issue vulnerability exists in D-Link M60 version 1.20B02 and prior versions, which stems from a weak password recovery issue in the file /usr/bin/httpd, and can be exploited by an attacker to cause...

HCL DFXAnalytics 安全漏洞

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from insufficient transport layer protection. Data is transmitted over the network without encryption, allowing attackers to...