
19522 matches found

Positive Technologies
added 2026/04/20 12:0 a.m., 0 views

PT-2026-33799

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6; Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20; Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60. Description: An OS command injection issue exists where...

CVSS 7.2, AI score 6, EPSS 0.00104
Exploits 0, References 5

CNNVD
added 2026/04/20 12:0 a.m., 6 views

Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of the Dell PowerProtect Data Domain. These...

CVSS 7.2, AI score 6.1, EPSS 0.00033
Exploits 0, References 1

Positive Technologies
added 2026/04/20 12:0 a.m., 2 views

PT-2026-33833

Name of the Vulnerable Software and Affected Versions: Rclone versions 1.48.0 through 1.73.4. Description: The RC endpoint "operations/fsinfo" is exposed without authentication and accepts attacker-controlled fs input. Since the rc.GetFs function supports inline backend definitions, an unauthenticat...

CVSS 9.8, AI score 5.9, EPSS 0.06827
Exploits 1, References 33

ATTACKERKB
added 2026/04/19 7:0 p.m., 2 views

CVE-2026-6576

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVSS 6.5, AI score 5.4, EPSS 0.00421
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/04/19 12:0 a.m., 2 views

PT-2026-33641

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVSS 6.5, AI score 5.4, EPSS 0.00421
Exploits 0, References 5

GithubExploit
added 2026/04/18 7:39 p.m., 139 views

Exploit for CVE-2026-4257

⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...

CVSS 9.8, AI score 6.5, EPSS 0.86931
Exploits 7

NVD
added 2026/04/17 9:16 p.m., 0 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, EPSS 0.00079
Exploits 0, References 2

OSV
added 2026/04/17 9:16 p.m., 1 view

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, AI score 6.3, EPSS 0.00079
Exploits 0, References 1

Cvelist
added 2026/04/17 8:14 p.m., 15 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, EPSS 0.00079
Exploits 0, References 2

Vulnrichment
added 2026/04/17 8:14 p.m., 0 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, AI score 6.2, EPSS 0.00079
Exploits 0, References 2

AlpineLinux
added 2026/04/17 8:14 p.m., 3 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, AI score 6.3, EPSS 0.00079
Exploits 0

ATTACKERKB
added 2026/04/17 8:14 p.m., 1 view

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS 6.3, AI score 6.2, EPSS 0.00079
Exploits 0, References 3, Affected Software 1

NVD
added 2026/04/17 11:16 a.m., 0 views

CVE-2026-6483

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVSS 8.6, EPSS 0.00038
Exploits 0, References 5

OSV
added 2026/04/17 10:53 a.m., 0 views

MAL-2026-2841 Malicious code in lixxyly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

AI score 6.2
Exploits 0, References 1

Vulnrichment
added 2026/04/17 10:30 a.m., 2 views

CVE-2026-6483 Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVSS 8.6, AI score 6.7, EPSS 0.00038
Exploits 0, References 5

Cvelist
added 2026/04/17 10:30 a.m., 28 views

CVE-2026-6483 Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVSS 8.6, EPSS 0.00038
Exploits 0, References 5

CVE
added 2026/04/17 10:30 a.m., 10 views

CVE-2026-6483

CVE-2026-6483 affects Wavlink WL-WN530H4 (firmware 20220721). The flaw is in the strcat/snprintf usage in /cgi-bin/internet.cgi, enabling remote, unauthenticated command injection with high impact (confidentiality, integrity, availability). Exploitation is feasible over the network; public exploi...

CVSS 8.6, AI score 6.7, EPSS 0.00038
Exploits 0, References 5

EUVD
added 2026/04/17 9:31 a.m., 2 views

EUVD-2026-23396

Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with...

CVSS 7.2, AI score 5.8, EPSS 0.00043
Exploits 0, References 2

CVE
added 2026/04/17 8:33 a.m., 5 views

CVE-2026-23778

Affected product: Dell PowerProtect Data Domain with DD OS (Feature Release: 7.7.1.0–8.5; LTS2025: 8.3.1.0–8.3.1.20; LTS2024: 7.13.1.0–7.13.1.50). Issue: command injection vulnerability allowing a high-privilege, remote attacker to potentially gain root-level access. Impact: CVSS v3.1 base score ...

CVSS 7.2, AI score 5.8, EPSS 0.00043
Exploits 0, References 1, Affected Software 2

CNNVD
added 2026/04/17 12:0 a.m., 5 views

Dell PowerProtect Data Domain security vulnerability

Dell PowerProtect Data Domain is a data protection specialized storage device whose main function is to provide efficient data de-duplication, backup and recovery. A command injection vulnerability exists in Dell PowerProtect Data Domain. The vulnerability stems from a failure of the Data Domain...

CVSS 7.2, AI score 5.8, EPSS 0.00043
Exploits 0, References 1