7.2
CVE-2025-37170 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating syst…
7.2
CVE-2025-37169 - Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
0.0
CVE-2026-0921 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
8.2
CVE-2025-37168 - Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System
An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potenti…
7.8
CVE-2026-21306 - Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.2
CVE-2026-22817 - JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and …
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono's JWK/JWKS JWT verification middleware that allowed the JWT header's alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm.…
8.2
CVE-2026-22818 - JWT algorithm confusion in Hono JWK Auth Middleware when JWK lacks "alg" (untrusted header.alg fall…
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono's JWK/JWKS JWT verification middleware that allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define…
7.8
CVE-2026-21287 - Substance3D - Stager | Use After Free (CWE-416)
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.2
CVE-2026-22814 - Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State
@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state. Th…
4.4
CVE-2026-22809 - tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter. This vulnerability is fixed in 1.29.0.