CVE Database

36500+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-44870
7.2 HIGH

Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of …

May 12, 2026
CVE-2026-44869
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote …

May 12, 2026
CVE-2026-44868
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote …

May 12, 2026
CVE-2026-44867
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote …

May 12, 2026
CVE-2026-44866
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote …

May 12, 2026
CVE-2026-44865
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote …

May 12, 2026
CVE-2026-44864
7.2 HIGH

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative …

May 12, 2026
CVE-2026-44863
7.2 HIGH

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative …

May 12, 2026
CVE-2026-44862
7.2 HIGH

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative …

May 12, 2026
CVE-2026-44861
7.2 HIGH

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative …

May 12, 2026
CVE-2026-44860
7.2 HIGH

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative …

May 12, 2026
CVE-2026-44859
7.2 HIGH

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated …

May 12, 2026
CVE-2026-44858
7.2 HIGH

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated …

May 12, 2026
CVE-2026-44857
7.2 HIGH

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated …

May 12, 2026
CVE-2026-44856
7.2 HIGH

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated …

May 12, 2026
CVE-2026-44855
7.2 HIGH

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated …

May 12, 2026
CVE-2026-44854
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload …

May 12, 2026
CVE-2026-44853
7.2 HIGH

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload …

May 12, 2026
CVE-2026-44852
7.2 HIGH

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an …

May 12, 2026
CVE-2026-34690
7.8 HIGH

After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context …

May 12, 2026
CVE-2026-34686
8.7 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by …

May 12, 2026
CVE-2026-34665
7.5 HIGH

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could …

May 12, 2026
CVE-2026-34653
8.7 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path …

May 12, 2026
CVE-2026-34652
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in …

May 12, 2026
CVE-2026-34651
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34650
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34649
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34648
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. …

May 12, 2026
CVE-2026-34647
7.4 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a …

May 12, 2026
CVE-2026-34646
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

May 12, 2026
CVE-2026-34645
7.5 HIGH

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature …

May 12, 2026
CVE-2026-23827
7.5 HIGH

A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote …

May 12, 2026
CVE-2026-23826
7.5 HIGH

A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted …

May 12, 2026
CVE-2026-23825
7.5 HIGH

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages …

May 12, 2026
CVE-2026-23824
7.5 HIGH

Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages …

May 12, 2026
CVE-2026-8431
7.2 HIGH

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue …

May 12, 2026
CVE-2026-8430
8.1 HIGH

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to …

May 12, 2026
CVE-2026-8429
8.8 HIGH

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context …

May 12, 2026
CVE-2026-34684
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34683
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34682
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-34681
7.8 HIGH

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of …

May 12, 2026
CVE-2026-23823
7.2 HIGH

A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could …

May 12, 2026
CVE-2026-23821
7.2 HIGH

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing …

May 12, 2026
CVE-2026-23820
7.2 HIGH

A vulnerability in the command line interface of Access Points running AOS-10 and AOS-8 Instant could allow an authenticated remote attacker to execute system commands …

May 12, 2026
CVE-2026-23819
8.8 HIGH

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript …

May 12, 2026
CVE-2026-44184
8.0 HIGH

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, …

May 12, 2026
CVE-2026-44167
7.5 HIGH

phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or …

May 12, 2026
CVE-2026-43929
8.2 HIGH

ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery …

May 12, 2026
CVE-2026-43892
8.8 HIGH

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is …

May 12, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.