|
2501
|
8.4 |
HIGH
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-25781
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2502
|
5.5 |
MEDIUM
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak
|
CWE-281
Improper Preservation of Permissions
|
CVE-2026-25850
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2503
|
8.8 |
HIGH
Network
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-27648
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2504
|
5.5 |
MEDIUM
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
|
CWE-364
Signal Handler Race Condition
|
CVE-2026-27766
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2505
|
3.3 |
LOW
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-27781
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2506
|
6.5 |
MEDIUM
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
|
CWE-416
Use After Free
|
CVE-2026-28733
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2507
|
3.3 |
LOW
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
CWE-20
Improper Input Validation
|
CVE-2026-28751
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2508
|
3.3 |
LOW
Local
|
-
|
-
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
CWE-364
Signal Handler Race Condition
|
CVE-2026-33565
|
2026-05-19 23:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2509
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary …
|
CWE-94
Code Injection
|
CVE-2026-8838
|
2026-05-19 23:24 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2510
|
7.3 |
HIGH
Network
|
-
|
-
|
Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections.
The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sour…
|
CWE-93
CRLF Injection
|
CVE-2026-8788
|
2026-05-19 23:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
