Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-23827 — Unauthenticated Remote Code Execution via Heap Buffer Overflow in Network Management Serv…

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful …

Remote | Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.5 HIGH
CVE-2026-23826 — Unauthenticated Denial of Service in AOS-8 Network Management Service

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to …

Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.5 HIGH
CVE-2026-23825 — Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Com…

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network mess…

Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.5 HIGH
CVE-2026-23824 — Unauthenticated Denial-of-Service via Crafted Messages in a Network Protocol Handling Com…

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network mess…

Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.4 CRITICAL
CVE-2026-8431 — Ops Manager RCE via webhook body

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affe…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.2 CRITICAL
CVE-2026-8430 — SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the co…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-8429 — SPIP < 4.4.14 Remote Code Execution via Private Space

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web server. Attackers can exploi…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.5 MEDIUM
CVE-2026-34684 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.5 MEDIUM
CVE-2026-34683 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-34682 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.8 HIGH
CVE-2026-34681 — Substance3D - Designer | Out-of-bounds Write (CWE-787)

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …

| Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
6.3 MEDIUM
CVE-2026-34664 — Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Pa…

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file sy…

| Path Traversal
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.3 CRITICAL
CVE-2026-34660 — Adobe Connect | Incorrect Authorization (CWE-863)

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An …

Remote | Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
9.6 CRITICAL
CVE-2026-34659 — Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current …

Remote | Memory Corruption
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-23823 — Authenticated Command Injection leads to RCE in AOS-10 CLI Command

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could allow an attacke…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
5.3 MEDIUM
CVE-2026-23822 — Unauthenticated XML External Entity Injection in AOS-8 Instant allows Denial of Service

A vulnerability in the XML handling component of AOS-8 DHCP services could allow an unauthenticated remote attacker to trigger a denial-of-service condition. Successful exploitation could allow an at…

Remote | Denial of Service
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-23821 — Inconsistent input filtering allows Authenticated Command Injection in AOS-10 CLI

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Su…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
7.2 HIGH
CVE-2026-23820 — Inconsistent input filtering allows Authenticated Command Injection in AOS-8 Instant and …

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands in a restricted shell environme…

Remote | Injection
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
8.8 HIGH
CVE-2026-23819 — Error in SSID Processing allows Stored XSS in Web Management Interface

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim…

| Cross-Site Scripting
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
0.0 NA
CVE-2026-5146 — Devolutions Server Unauthenticated Sessionless Notification Manipulation

Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session v…

| Authorization
May 12, 2026 May 12, 2026
May 12, 2026
May 12, 2026
Showing 20 of 6259 Results