7.2
CVE-2026-23815 - Authenticated Command Injection found in AOS-CX Administrative CLI Command
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.
8.8
CVE-2026-23814 - Authenticated Command Injection found in AOS-CX CLI Command
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
9.8
CVE-2026-23813 - Authentication Bypass in Web Interface allows Unauthenticated Admin Password Reset
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.
8.1
CVE-2026-3453 - ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitraryβ¦
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function. The ppress_process_checkout AJAX handler acceptsβ¦
4.8
CVE-2026-21291 - Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this isβ¦
5.5
CVE-2026-21293 - Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-sβ¦
5.3
CVE-2026-21282 - Adobe Commerce | Improper Input Validation (CWE-20)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causiβ¦
5.3
CVE-2026-21286 - Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited uβ¦
5.5
CVE-2026-21294 - Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate server-sβ¦
8.1
CVE-2026-21284 - Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript maβ¦