Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,966
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,301 - 21,320 of 41,119 CVEs
CVE-2026-23777 MEDIUM - 4.3

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulner...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46641 MEDIUM - 6.6

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46607 MEDIUM - 6.6

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46606 MEDIUM - 6.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46605 MEDIUM - 6.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-6483 HIGH - 7.2

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upg...

Published: Apr 17, 2026
Source: NVD

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named p...

Published: Apr 17, 2026
Source: NVD
CVE-2026-35153 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privil...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-35074 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker wit...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-35073 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker wit...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-35072 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A hig...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-23779 MEDIUM - 6.7

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with l...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-23776 HIGH - 7.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-b...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-6494 MEDIUM - 5.3

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control char...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6439 MEDIUM - 4.4

The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf() function. The 'lang' POST parameter is stored directly via update_option() without...

Published: Apr 17, 2026
Source: NVD
CVE-2026-23778 HIGH - 7.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with r...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-23775 HIGH - 7.6

Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access cou...

Vendor: Dell
Product: PowerProtect Data Domain appliances
Published: Apr 17, 2026
Source: NVD
CVE-2025-36568 HIGH - 7.8

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with local...

Vendor: Dell
Product: PowerProtect Data Domain BoostFS
Published: Apr 17, 2026
Source: NVD

Unauthenticated user is able toย execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.

Vendor: Sparx Systems Pty Ltd.
Product: Sparx Pro Cloud Server
Published: Apr 17, 2026
Source: NVD

Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.ย  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.

Vendor: Sparx Systems Pty Ltd.
Product: Sparx Pro Cloud Server
Published: Apr 17, 2026
Source: NVD