Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,549
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,721 - 1,740 of 40,151 CVEs
CVE-2026-46465 MEDIUM - 5.5

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46464 MEDIUM - 4.9

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vul...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46463 MEDIUM - 6.5

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker wi...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD

Authorization Bypass Through User-Controlled Key (CWE-639) in CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at GET /calendar/event/delete/{id}, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary cal...

Vendor: Roskus
Product: Prospero Flow CRM
Published: Jul 03, 2026
Source: NVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-56015 CRITICAL - 9.1

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width. addPrefixToTrie() then walks the prefix buffer by prefix_length bits, read...

Vendor: TPODER
Product: Net::IP::LPM
Published: Jul 03, 2026
Source: NVD
CVE-2026-54483 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46730 MEDIUM - 4.2

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46468 MEDIUM - 4.4

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vul...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-46467 MEDIUM - 5.8

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privil...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-44269 MEDIUM - 4.4

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vul...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-44268 MEDIUM - 4.4

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path trav...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-41123 MEDIUM - 4.3

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD
CVE-2026-26355 MEDIUM - 6.5

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 03, 2026
Source: NVD

Rejected reason: Red Hat Product Security has concluded that this CVE is not required. The reported issue has been classified as a regular bug and will be addressed through the standard bug-fixing process.

Published: Jul 03, 2026
Source: NVD
CVE-2026-13341 HIGH - 7.4

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Vendor: KongHQ
Product: mcp-konnect
Published: Jul 03, 2026
Source: NVD
CVE-2026-10055 HIGH - 8.5

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the destina...

Vendor: Eclipse Foundation
Product: Eclipse Theia
Published: Jul 03, 2026
Source: NVD
CVE-2026-10054 HIGH - 8.8

In affected versions of Eclipse Theia (1.8.1 and later), the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without service-level authentication. WebSocket origin validation in @theia/core is fail-open: connections are accepted ...

Vendor: Eclipse Foundation
Product: Eclipse Theia
Published: Jul 03, 2026
Source: NVD
CVE-2026-5137 MEDIUM - 4.3

The RTMKit (rometheme-for-elementor) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the render_templates AJAX endpoint, which is used directly in a require/include...

Published: Jul 03, 2026
Source: NVD