Search
Search Results (1071 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31317 | 1 Amd | 6 Instinct Mi210, Instinct Mi250, Radeon Pro W6000 Series and 3 more | 2026-05-15 | N/A |
| Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution. | ||||
| CVE-2024-36323 | 1 Amd | 6 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 3 more | 2026-05-15 | N/A |
| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | ||||
| CVE-2025-52532 | 1 Amd | 8 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 5 more | 2026-05-15 | N/A |
| A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context. | ||||
| CVE-2024-21950 | 1 Amd | 4 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 1 more | 2026-05-15 | N/A |
| An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2026-0481 | 1 Amd | 6 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 3 more | 2026-05-15 | N/A |
| Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability | ||||
| CVE-2025-54518 | 1 Amd | 11 Epyc 7002 Series Processors, Epyc Embedded 7002 Series Processors, Ryzen 3000 Series Desktop Processors and 8 more | 2026-05-15 | N/A |
| Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation. | ||||
| CVE-2026-7046 | 2 Webaways, Wordpress | 2 Nex-forms-ultimate-forms-plugin, Wordpress | 2026-05-15 | 4.9 Medium |
| The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2026-8654 | 1 Delphix Continuous Data | 12 Cassandra Connector, Cockroachdb Connector, Couchbase Connector and 9 more | 2026-05-15 | N/A |
| Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host. | ||||
| CVE-2026-44088 | 1 Krajowa Izba Rozliczeniowa | 1 Szafirhost | 2026-05-15 | N/A |
| SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream (reading from the beginning of the file), but loads classes using class JarFile/URLClassLoader (reading the Central Directory from the end). It can lead to remote code execution by allowing an attacker to combine a genuine, signed JAR file with a malicious ZIP file, causing the verification to pass but the malicious class to be loaded. This issue was fixed in version 1.2.1. | ||||
| CVE-2025-48513 | 2026-05-15 | N/A | ||
| Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability. | ||||
| CVE-2025-0028 | 2026-05-15 | N/A | ||
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability. | ||||