Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-44215 — NanaZip: Heap out-of-bounds write in NanaZip UFS directory parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42445 — NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42444 — NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlle…

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42443 — NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when …

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42442 — NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when…

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42355 — NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .…

| Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.4 MEDIUM
CVE-2026-44873 — Insufficient Session Invalidation on User Account Deactivation in AOS-8 Operating System

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated wh…

Remote | Authentication
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-42446 — NanaZip: Stack out-of-bounds read in NanaZip ZealFS bitmap parser

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
4.9 MEDIUM
CVE-2026-44874 — Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Succe…

Remote | Path Traversal
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-44872 — Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based M…

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arb…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-44870 — Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service A…

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.4 CRITICAL
CVE-2026-8431 — Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affe…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.2 CRITICAL
CVE-2026-8430 — SPIP Prior to 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-8429 — SPIP Prior to 4.4.14 Remote Code Execution via Private Space

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.5 MEDIUM
CVE-2026-34684 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.5 MEDIUM
CVE-2026-34683 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-34682 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-34681 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.3 MEDIUM
CVE-2026-34664 — Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Pa…

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy…

| Path Traversal
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-34660 — Adobe Connect | Incorrect Authorization (CWE-863)

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An …

Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6193 Results