Security Vulnerabilities
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-05-12
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-05-12
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-12
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-05-12
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-12
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-12
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-05-12
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-05-12
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-12
Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-05-12