7.2
CVE-2025-37174 - Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commaโฆ
7.2
CVE-2025-37173 - Improper Input Handling Vulnerability in Authenticated Configuration API Endpoint (AOS-10/AOS-8 Webโฆ
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected sโฆ
7.2
CVE-2025-37172 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systโฆ
7.2
CVE-2025-37171 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systโฆ
7.2
CVE-2025-37170 - Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating systโฆ
7.2
CVE-2025-37169 - Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
0.0
CVE-2026-0921 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
8.2
CVE-2025-37168 - Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System
Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentiโฆ
7.8
CVE-2026-21306 - Substance3D - Sampler | Out-of-bounds Write (CWE-787)
Substance3D - Sampler versions 5.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8.2
CVE-2026-22817 - JWT Algorithm Confusion via Unsafe Default (HS256) in Hono JWT Middleware Allows Token Forgery and โฆ
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Honoโs JWK/JWKS JWT verification middleware allowed the JWT headerโs alg value to influence signature verification when the selected JWK did not explicitly specify an algorithm.โฆ