6.5
CVE-2025-37176 - Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges β¦
7.2
CVE-2025-37175 - Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commandsβ¦
5.5
CVE-2026-21308 - Substance3D - Designer | Out-of-bounds Read (CWE-125)
Substance3D - Designer versions 15.0.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that aβ¦
7.8
CVE-2026-21307 - Substance3D - Designer | Out-of-bounds Write (CWE-787)
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.2
CVE-2025-37174 - Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commaβ¦
7.2
CVE-2025-37173 - Improper Input Handling Vulnerability in Authenticated Configuration API Endpoint (AOS-10/AOS-8 Webβ¦
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected sβ¦
7.2
CVE-2025-37172 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systβ¦
7.2
CVE-2025-37171 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systβ¦
7.2
CVE-2025-37170 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systβ¦
7.2
CVE-2025-37169 - Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.