Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10338
Total
705
Critical
2973
High
3268
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34654 | MEDIUM | 5.3 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in … | May 12, 2026 |
| CVE-2026-34653 | HIGH | 8.7 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path … | May 12, 2026 |
| CVE-2026-34652 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in … | May 12, 2026 |
| CVE-2026-34651 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. … | May 12, 2026 |
| CVE-2026-34650 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. … | May 12, 2026 |
| CVE-2026-34649 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. … | May 12, 2026 |
| CVE-2026-34648 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. … | May 12, 2026 |
| CVE-2026-34647 | HIGH | 7.4 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a … | May 12, 2026 |
| CVE-2026-34646 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature … | May 12, 2026 |
| CVE-2026-34645 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature … | May 12, 2026 |
| CVE-2026-23827 | HIGH | 7.5 | A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote … | May 12, 2026 |
| CVE-2026-23826 | HIGH | 7.5 | A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted … | May 12, 2026 |
| CVE-2026-23825 | HIGH | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages … | May 12, 2026 |
| CVE-2026-23824 | HIGH | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages … | May 12, 2026 |
| CVE-2026-8431 | HIGH | 7.2 | An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue … | May 12, 2026 |
| CVE-2026-8430 | HIGH | 8.1 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to … | May 12, 2026 |
| CVE-2026-8429 | HIGH | 8.8 | SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context … | May 12, 2026 |
| CVE-2026-34684 | MEDIUM | 5.5 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34683 | MEDIUM | 5.5 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34682 | HIGH | 7.8 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34681 | HIGH | 7.8 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34664 | MEDIUM | 6.3 | Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could … | May 12, 2026 |
| CVE-2026-34660 | CRITICAL | 9.3 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of … | May 12, 2026 |
| CVE-2026-34659 | CRITICAL | 9.6 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the … | May 12, 2026 |
| CVE-2026-23823 | HIGH | 7.2 | A vulnerability in the command line interface of Access Points running AOS-10 could allow an authenticated remote attacker to perform command injection. Successful exploitation could … | May 12, 2026 |