CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-4683 – Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update
https://notcve.org/view.php?id=CVE-2026-4683
15 May 2026 — The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's Smartcat API credentials (account ID, API secret key, hub key, API host, and hub host), effectively hijacking the translation service or causing a denial of service. • https://plugins.trac.wordpress.org/browser/smartcat-wpml/trunk/includes/Controllers/CallbackController.php#L10 • CWE-862: Missing Authorization •
CVSS: 2.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-52532
https://notcve.org/view.php?id=CVE-2025-52532
15 May 2026 — A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgv_cmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the vulnerable system context. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-36332
https://notcve.org/view.php?id=CVE-2024-36332
15 May 2026 — Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html • CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC) •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-48516
https://notcve.org/view.php?id=CVE-2025-48516
15 May 2026 — Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html • CWE-276: Incorrect Default Permissions •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-29944
https://notcve.org/view.php?id=CVE-2025-29944
15 May 2026 — A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 0CVE-2025-29938
https://notcve.org/view.php?id=CVE-2025-29938
15 May 2026 — An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html • CWE-252: Unchecked Return Value •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-0045
https://notcve.org/view.php?id=CVE-2025-0045
15 May 2026 — Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2026-38728
https://notcve.org/view.php?id=CVE-2026-38728
15 May 2026 — An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream. • https://bytecreator.dev/blog/CVE-2026-38728 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 2.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-44638 – libsixel: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2026-44638
14 May 2026 — From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter (always non-NULL) instead of the value the malloc returned. ... This is a denial of service against any caller of these public APIs that hits a low-memory condition. • https://github.com/saitoha/libsixel/security/advisories/GHSA-wpx3-h5g8-qr3w • CWE-476: NULL Pointer Dereference CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2026-43907 – OpenImageIO: Integer overflow in QueryRGBBufferSizeInternal leads to heap out-of-bounds write in DPX decoder (kCbYCr and kABGR)
https://notcve.org/view.php?id=CVE-2026-43907
14 May 2026 — OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when processing crafted DPX image files. ... An attacker can exploit this by crafting a DPX file that triggers the overflow, causing a denial of service (crash) or potentially arbitrary code... • https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-cq46-hp4h-cvfr • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •