Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,844
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 11,641 - 11,660 of 37,697 CVEs

Improper restriction of operations within the bounds of a memory buffer in the AMD Secure Processor (ASP) could allow an attacker to read or write to protected memory, potentially resulting in arbitrary code execution.

Vendor: AMD
Product: AMD Radeon™ RX 6000 Series Graphics Products, AMD Radeon™ RX 7000 Series Graphics Products, AMD Radeon™ PRO W7000 Series Graphics Products, AMD Radeon™ PRO W6000 Series Graphics Products, AMD Instinct™ MI250, AMD Instinct™ MI210
Published: May 15, 2026
Source: NVD

Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potential...

Published: May 15, 2026
Source: NVD

Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.

Vendor: AMD
Product: AMD Radeon™ RX 6000 Series Graphics Products, AMD Radeon™ PRO W6000 Series Graphics Products, AMD Radeon™ PRO V520, AMD Radeon™ PRO V620
Published: May 15, 2026
Source: NVD

A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.

Published: May 15, 2026
Source: NVD

A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.

Published: May 15, 2026
Source: NVD
CVE-2026-8612 MEDIUM - 5.3

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without o...

Vendor: oalders
Product: www\
Published: May 15, 2026
Source: NVD

A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromi...

Published: May 15, 2026
Source: NVD

Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

Published: May 15, 2026
Source: NVD

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.

Published: May 15, 2026
Source: NVD

Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash.

Published: May 15, 2026
Source: NVD

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds, potentially resulting in information disclosure or a crash.

Published: May 15, 2026
Source: NVD

An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation.

Published: May 15, 2026
Source: NVD

Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.

Published: May 15, 2026
Source: NVD

Improper input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service.

Published: May 15, 2026
Source: NVD

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality.

Published: May 15, 2026
Source: NVD
CVE-2026-6811 MEDIUM - 5.9

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

Published: May 14, 2026
Source: NVD
CVE-2026-45248 MEDIUM - 5.3

Hedera Guardian through 3.5.1 contains an authentication bypass vulnerability in the GET /api/v1/demo/registered-users endpoint that allows unauthenticated attackers to retrieve sensitive user information. Attackers can access the endpoint without providing authentication credentials to obtain usern...

Vendor: hashgraph
Product: guardian
Published: May 14, 2026
Source: NVD

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github.<user>/* namespace to OCI ...

Vendor: modelcontextprotocol
Product: registry
Published: May 14, 2026
Source: NVD
CVE-2026-45370 HIGH - 7.7

python-utcp is the Python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This vuln...

Vendor: universal-tool-calling-protocol
Product: python-utcp
Published: May 14, 2026
Source: NVD
CVE-2026-45369 HIGH - 8.3

python-utcp is the Python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c (Un...

Vendor: universal-tool-calling-protocol
Product: python-utcp
Published: May 14, 2026
Source: NVD