8.6
CVE-2026-33122 - DataEase has SQL Injection via Datasource Management
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from the β¦
7.1
CVE-2025-54502 - AMD APCB SMM Driver Privilege Escalation via Incorrect Boot Service Use
Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.
5.9
CVE-2025-54510 -
A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.
8.3
CVE-2026-6442 - Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent tβ¦
5.6
CVE-2023-20585 - Insufficient RMP Checks in IOMMU Allow Host Buffer OutβofβBounds Access
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
8.7
CVE-2026-33121 - DataEase has SQL Injection via Datasource Save Flow
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple string β¦
8.7
CVE-2026-33084 - DataEase has SQL Injection through its getFieldEnumObj Endpoint
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the sβ¦
6.6
CVE-2025-43937 - Log File Sensitive Information Injection in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able toβ¦
4.4
CVE-2025-43935 - Improper Resource Release Causing Denial of Service in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
4.1
CVE-2025-43883 - Improper Check Enables Denial of Service in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.