Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-34652 — Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result i…

commerce magento commerce_b2b | Remote | Supply Chain
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34651 — Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …

commerce magento commerce_b2b | Remote | Denial of Service
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34650 — Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …

commerce magento commerce_b2b | Remote | Denial of Service
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34649 — Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …

commerce magento commerce_b2b | Remote | Denial of Service
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34648 — Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …

commerce magento commerce_b2b | Remote | Denial of Service
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.4 HIGH
CVE-2026-34647 — Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security…

commerce magento commerce_b2b | Remote | Server-Side Request Forgery
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34646 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…

commerce magento commerce_b2b | Remote | Authorization
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-34645 — Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b…

commerce magento commerce_b2b | Remote | Authorization
May 12, 2026 May 20, 2026
May 12, 2026
May 20, 2026
7.5 HIGH
CVE-2026-23827 — Unauthenticated Remote Code Execution via Heap Buffer Overflow in Network Management Serv…

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful …

arubaos sd-wan | Remote | Memory Corruption
May 12, 2026 May 15, 2026
May 12, 2026
May 15, 2026
7.5 HIGH
CVE-2026-23826 — Unauthenticated Denial of Service in AOS-8 Network Management Service

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to …

arubaos sd-wan | Remote | Denial of Service
May 12, 2026 May 15, 2026
May 12, 2026
May 15, 2026
7.5 HIGH
CVE-2026-23825 — Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Com…

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network mess…

arubaos sd-wan | Remote | Denial of Service
May 12, 2026 May 15, 2026
May 12, 2026
May 15, 2026
7.5 HIGH
CVE-2026-23824 — Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Com…

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network mess…

arubaos sd-wan | Remote | Denial of Service
May 12, 2026 May 15, 2026
May 12, 2026
May 15, 2026
9.4 CRITICAL
CVE-2026-8431 — Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affe…

ops_manager | Remote | Injection
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
9.2 CRITICAL
CVE-2026-8430 — SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…

spip | Remote | Injection
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
8.8 HIGH
CVE-2026-8429 — SPIP < 4.4.14 Remote Code Execution via Private Space

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…

spip | Remote | Injection
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
7.8 HIGH
CVE-2026-34684 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
7.8 HIGH
CVE-2026-34683 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
7.8 HIGH
CVE-2026-34682 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
7.8 HIGH
CVE-2026-34681 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

substance_3d_designer | Memory Corruption
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
6.3 MEDIUM
CVE-2026-34664 — Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Pa…

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy…

substance_3d_designer | Path Traversal
May 12, 2026 May 13, 2026
May 12, 2026
May 13, 2026
Showing 20 of 7244 Results