Aggregates CVE and security vulnerability intelligence across all OpenAtom Foundation-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk buffer overflow, and vendor risk input validation and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-0639 | in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory. | [email protected] | 3.3 | 0.01% | 2026-03-16 | 2026-03-17 |
| CVE-2025-6969 | in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input. | [email protected] | 5.0 | 0.02% | 2026-03-16 | 2026-03-17 |
| CVE-2025-52458 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | [email protected] | 5.5 | 0.01% | 2026-03-16 | 2026-03-17 |
| CVE-2025-41432 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | [email protected] | 5.5 | 0.01% | 2026-03-16 | 2026-03-17 |
| CVE-2025-26474 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios. | [email protected] | 3.3 | 0.02% | 2026-03-16 | 2026-03-17 |
| CVE-2025-25277 | in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios. | [email protected] | 6.3 | 0.01% | 2026-03-16 | 2026-03-17 |
| CVE-2025-12736 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case sensitive information leak through use of uninitialized resource. | [email protected] | 6.5 | 0.01% | 2026-03-16 | 2026-03-17 |
| CVE-2025-27577 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | [email protected] | 8.4 | 0.01% | 2025-08-11 | 2025-08-12 |
| CVE-2025-27562 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-27536 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-27128 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | [email protected] | 8.4 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-26690 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-25278 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | [email protected] | 8.4 | 0.01% | 2025-08-11 | 2025-08-12 |
| CVE-2025-25212 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-24925 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-24844 | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | [email protected] | 3.3 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-24298 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | [email protected] | 8.4 | 0.07% | 2025-08-11 | 2025-08-12 |
| CVE-2025-27563 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | [email protected] | 3.3 | 0.06% | 2025-06-08 | 2025-06-09 |
| CVE-2025-27247 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | [email protected] | 5.5 | 0.06% | 2025-06-08 | 2025-06-09 |
| CVE-2025-27242 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | [email protected] | 3.3 | 0.07% | 2025-06-08 | 2025-06-09 |