CVE & CISA-KEV Catalog

362,600 CVEs · 1,630 actively exploited (KEV)
Active:
  • CVSS 3.6 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2026-06-09

  • CVSS 7.3 v3·EPSS 0.4%·No fix yet

    A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function execute_code of the file tools/code_execution_tool.py of the component Environment Variable Handler. Such manipulation leads to a sandbox issue. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

    Published 2026-05-24

  • CVSS 3.6 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2026-05-15

  • CVSS 5.6 v3·EPSS 0.3%·No fix yet

    A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

    Published 2026-04-23

  • CVSS 7.3 v3·EPSS 0.3%·No fix yet

    A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in a sandbox issue. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

    Published 2026-04-13

  • CVSS 6.3 v3·EPSS 0.2%·No fix yet

    A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in a sandbox issue. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

    Published 2026-04-12

  • CVSS 8.8 v3·EPSS 0.1%·No fix yet

    A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks.

    Published 2026-03-11

  • CVSS 4.0 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2026-03-05

  • CVSS 3.3 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.

    Published 2026-03-05

  • CVSS 6.1 v3·EPSS 0.1%·No fix yet

    Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2026-02-06

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2026-02-06

  • CVSS 5.9 v3·EPSS 0.1%·No fix yet

    Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2026-02-06

  • CVSS 6.3 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2026-02-06

  • CVSS 5.7 v3·EPSS 0.1%·No fix yet

    Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2026-01-14

  • CVSS 4.0 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2025-12-08

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-12-08

  • CVSS 8.4 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-11-28

  • CVSS 4.4 v3·EPSS 0.1%·No fix yet

    Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.

    Published 2025-11-28

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-11-28

  • CVSS 5.1 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2025-11-28

  • CVSS 6.8 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

    Published 2025-11-28

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-11-28

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.

    Published 2025-10-11

  • CVSS 5.3 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-10-11

  • CVSS 5.9 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-10-11

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-10-11

  • CVSS 2.8 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-10-11

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-10-11

  • CVSS 6.8 v3·EPSS 0.1%·No fix yet

    Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2025-09-05

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.

    Published 2025-08-06

  • CVSS 5.9 v3·EPSS 0.1%·No fix yet

    Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2025-07-07

  • CVSS 4.8 v3·EPSS 0.1%·No fix yet

    Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

    Published 2025-07-07

  • CVSS 3.9 v3·EPSS 0.1%·No fix yet

    Permission bypass vulnerability in the calendar storage module. Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

    Published 2025-07-07

  • CVSS 4.6 v3·EPSS 0.2%·No fix yet

    A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to a sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards."

    Published 2025-06-09

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    Permission bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect availability.

    Published 2025-06-06

  • CVSS 6.3 v3·EPSS 0.5%·No fix yet

    A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument query leads to elevated privileges. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

    Published 2025-05-29

  • CVSS 6.2 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-05-06

  • CVSS 5.8 v3·EPSS 0.4%·No fix yet

    A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds th

    Published 2025-03-12

  • CVSS 7.9 v3·EPSS 0.1%·No fix yet

    Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

    Published 2025-03-03

  • CVSS 7.5 v3·EPSS 0.3%·No fix yet

    Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2025-01-08

  • CVSS 6.2 v3·EPSS 0.2%·No fix yet

    Permission control vulnerability in the Connectivity module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

    Published 2025-01-08

  • CVSS 6.5 v3·EPSS 0.2%·No fix yet

    Vulnerability of improper authentication in the ANS system service module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

    Published 2025-01-08

  • CVSS 7.5 v3·EPSS 0.1%·No fix yet

    Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.

    Published 2025-01-06

  • CVSS 6.2 v3·EPSS 0.2%·No fix yet

    Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2024-12-12

  • CVSS 6.1 v3·EPSS 0.2%·No fix yet

    Vulnerability of improper access control in the album module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2024-12-12

  • CVSS 6.7 v3·EPSS 0.1%·No fix yet

    Certain unprivileged processes are able to perform IOCTL calls.

    Published 2024-11-22

  • CVSS 5.3 v3·EPSS 0.4%·No fix yet

    A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.

    Published 2024-11-06

  • CVSS 5.1 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2024-11-05

  • CVSS 4.0 v3·EPSS 0.1%·No fix yet

    Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

    Published 2024-11-05

  • CVSS 6.0 v3·EPSS 0.2%·No fix yet

    A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the

    Published 2024-10-23

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.