Security Vulnerabilities
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-03-16
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-16
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-03-16
in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-03-16
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution.
CVSS Score
3.8
EPSS Score
0.0
Published
2026-03-16
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls.
CVSS Score
5.1
EPSS Score
0.0
Published
2026-03-16
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges.
This issue was fixed in version 1.4.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-03-16
in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).
CVSS Score
3.7
EPSS Score
0.0
Published
2026-03-16