|
1471
|
- |
|
-
|
-
|
An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiali…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-21950
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1472
|
- |
|
-
|
-
|
Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a vict…
|
CWE-284
Improper Access Control
|
CVE-2024-36323
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1473
|
- |
|
-
|
-
|
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arb…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-36334
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1474
|
- |
|
-
|
-
|
A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an atta…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-52532
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1475
|
- |
|
-
|
-
|
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resu…
|
CWE-1189
|
CVE-2025-54518
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1476
|
- |
|
-
|
-
|
Unrestricted IP address binding in the AMD Device Metrics Exporter (ROCm ecosystem) could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in lo…
|
CWE-1327
Binding to an Unrestricted IP Address
|
CVE-2026-0481
|
2026-05-15 23:10 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1477
|
6.8 |
MEDIUM
Network
|
pyload-ng_project
|
pyload-ng
|
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates …
|
CWE-295
CWE-306
CWE-863
Improper Certificate Validation
Missing Authentication for Critical Function
Incorrect Authorization
|
CVE-2026-42312
|
2026-05-15 23:09 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1478
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6646
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1479
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and …
|
CWE-862
Missing Authorization
|
CVE-2026-4683
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1480
|
8.1 |
HIGH
Network
|
-
|
-
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up…
|
CWE-862
Missing Authorization
|
CVE-2026-4094
|
2026-05-15 23:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
