Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.0 HIGH
CVE-2026-25622 — Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg…

ng_firewall | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
7.0 HIGH
CVE-2026-25621 — Arista Edge Threat Management NGFW Reports Application Insecure Input Validation

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi…

ng_firewall | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
7.0 HIGH
CVE-2026-25620 — Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely…

ng_firewall | Remote | Injection
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
10.0 CRITICAL
CVE-2026-11420 — Path Traversal in Altium Enterprise Server NIS Allows Unauthenticated Arbitrary File Writ…

Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on…

on-prem_enterprise_server | Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
9.4 CRITICAL
CVE-2026-11419 — Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File W…

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen…

on-prem_enterprise_server | Remote | Path Traversal
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
10.0 CRITICAL
CVE-2026-11414 — Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-code…

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a…

on-prem_enterprise_server | Remote | Authentication
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-11401 — Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to …

aws_advanced_go_wrapper | Remote | Authorization
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
8.6 HIGH
CVE-2026-11400 — Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t…

aws_advanced_jdbc_wrapper | Remote | Authorization
Jun 05, 2026 Jun 17, 2026
Jun 05, 2026
Jun 17, 2026
Showing 20 of 7408 Results