Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-7474 — Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.…

Path Traversal
May 12, 2026 May 13, 2026
6.0 MEDIUM
CVE-2026-6959 — Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026…

Path Traversal
May 12, 2026 May 13, 2026
9.8 CRITICAL
CVE-2026-45185 — Exim GnuTLS Use-After-Free Remote Code Execution Vulnerability

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a C…

Remote | Memory Corruption
May 12, 2026 May 13, 2026
4.9 MEDIUM
CVE-2026-44874 — Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Succe…

Remote | Path Traversal
May 12, 2026 May 13, 2026
5.4 MEDIUM
CVE-2026-44873 — Insufficient Session Invalidation on User Account Deactivation in AOS-8 Operating System

A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated wh…

Remote | Authentication
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44872 — Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based M…

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arb…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44870 — Authenticated Command Injection Vulnerabilities in Command Line Interface (CLI) Service A…

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabiliti…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44869 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44868 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44867 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44866 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44865 — Authenticated Command Injection Vulnerabilities in the Web-Based Management Interface of …

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44864 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44863 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44862 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44861 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44860 — Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Syste…

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with adm…

Remote | Injection
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44859 — Authenticated Stack-Based Buffer Overflow in PAPI Services

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent…

Remote | Memory Corruption
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44858 — Authenticated Stack-Based Buffer Overflow in PAPI Services

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent…

Remote | Memory Corruption
May 12, 2026 May 13, 2026
7.2 HIGH
CVE-2026-44857 — Authenticated Stack-Based Buffer Overflow in PAPI Services

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authent…

Remote | Memory Corruption
May 12, 2026 May 13, 2026
Showing 20 of 6380 Results