CVE-2025-37171 Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVE-2025-37171 Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

CVE-2025-37168

CVE-2025-37168 describes an arbitrary file deletion vulnerability in Aruba Networks ArubaOS AOS-8 mobility conductors. The weakness allows an unauthenticated remote attacker to delete arbitrary files in the affected system, potentially causing denial‑of‑service conditions. Affected component: AOS...

CVE-2025-37168 Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and...

CVE-2026-21267

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-22791

openCryptoki is a PKCS11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKMECDHAESKEYWRAP implementation allows an attacker with local access to cause out-of-bounds writes in the host process by supplying a compressed EC public key...

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-21267 Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim...

CVE-2026-20925

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-20854

Use after free in Windows Local Security Authority Subsystem Service LSASS allows an authorized attacker to execute code over a network...

CVE-2026-20854

Use after free in Windows Local Security Authority Subsystem Service LSASS allows an authorized attacker to execute code over a network...

2026-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5073457)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer...

CVE-2026-20936 Windows NDIS Information Disclosure Vulnerability

...

CVE-2026-20854 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

...

CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

...

CVE-2026-20839 Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability

...

CVE-2026-20827 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

...

CVE-2025-46684

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering...

CVE-2025-8090 Vulnerability in the QNX Neutrino Kernel impacts the QNX Software Development Platform and QNX OS for Safety

Null pointer dereference in the MsgRegisterEvent system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel...