Security Vulnerabilities
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-03-16
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-03-16
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-16
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-03-16
in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-03-16
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges.
This issue was fixed in version 1.4.6.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-16
in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-16
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.
This issue was fixed in version 1.4.6.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-03-16
Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account.
This issue was fixed in version 1.4.6.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-03-16