99 matches found
CVE-2026-41123
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an improper RBAC access control vulnerability. The issue allows a low-privileged, remote attacker to cause information tampering due to RBAC misconfigurati...
CVE-2026-44268
Dell PowerProtect Data Domain (versions 7.7.1.0–8.6, plus LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains an incorrect permission assignment for a critical resource vulnerability. A high-privileged attacker with local access could potentially exploit this ...
CVE-2026-46730
CVE-2026-46730 affects Dell PowerProtect Data Domain: versions 7.7.1.0 through 8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an incorrect authorization vulnerability . A high-privileged attacker with local access could potentially exploit this to ...
CVE-2025-43905
CVE-2025-43905 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The issue is an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) which could allow a lo...
CVE-2026-23774
Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.10, LTS2024 7.13.1.0–7.13.1.40 contains an OS command injection vulnerability. A high-privilege attacker with remote access could achieve arbitrary command execution. Affected component: DD OS (OS-level...
CVE-2026-35074
CVE-2026-35074 affects Dell PowerProtect Data Domain products: 7.7.1.0–8.7.0.0, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The issue is an improper neutralization of special elements used in an OS command injection vulnerability, enabling a high-privilege local attacker to execute ...
CVE-2026-53481
Dell PowerProtect Data Domain is affected by a Path Traversal vulnerability (CVE-2026-53481) in versions 7.7.1.0–8.7, including LTS2026 (8.6.1.0–8.6.1.10), LTS2025 (8.3.1.0–8.3.1.30), and LTS2024 (7.13.1.0–7.13.1.70). An unauthenticated, remotely accessible attacker could exploit this to gain una...
CVE-2025-36565
Dell PowerProtect Data Domain running DD OS on Feature Release 7.7.1.0–8.1.0.10, LTS2024 7.13.1.0–7.13.1.25, and LTS 2023 7.10.1.0–7.10.1.50 is affected by an Improper Neutralization of Argument Delimiters (Argument Injection) vulnerability. A local attacker with high privileges could exploit thi...
CVE-2025-36566
Dell PowerProtect Data Domain running DD OS Feature Release versions 7.7.1.0–8.1.0.10, LTS2024 7.13.1.0–7.13.1.25, and LTS2023 7.10.1.0–7.10.1.50 contains an OS Command Injection due to improper neutralization of special elements. A high-privilege, local attacker could execute arbitrary commands ...
CVE-2025-43727
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.1.0.10, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.50 contain an incorrect implementation of the RestAPI authentication algorithm, enabling an unauthenticated remote attacker to gain unauthorized access. No exploitation details are provided in...
CVE-2025-43913
Dell PowerProtect Data Domain (DD OS) feature releases 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60 contain a vulnerability described as Use of a Broken or Risky Cryptographic Algorithm. An unauthenticated, remote attacker could potentially cause ...
CVE-2025-45375
Dell PowerProtect Data Domain and the Data Domain Operating System (DD OS) Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a stack-based buffer overflow. A high-privilege user with local access could exploit this to cause a Den...
CVE-2025-46645
Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection due to improper neutralization of special elements. A high-privilege attacker with remote access could execute commands, potentially impacting confidentiality, integrity, and availability as described. Affected releases ...
CVE-2026-26355
Dell PowerProtect Data Domain: OS command injection vulnerability affects 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70. A high-privilege attacker with remote access could potentially achieve command execution. No explicit remediation details are prov...
CVE-2026-28263
CVE-2026-28263 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. It describes a cross-site scripting vulnerability that could be exploited by a high-privilege attacker with remote access, leading to script in...
CVE-2026-35072
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contains an OS command injection vulnerability due to improper neutralization of special elements in commands. A high-privilege local attacker could potentially execute arbitrary command...
CVE-2026-56085
Dell PowerProtect Data Domain is affected by CVE-2026-56085. The description indicates an use of uninitialized resource vulnerability in versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70, with a low-privileged, local attacker potentially caus...
CVE-2025-36569
Dell PowerProtect Data Domain with DD OS is affected by OS Command Injection in Feature Release 7.7.1.0–8.1.0.10, 7.13.1.0–7.13.1.25, and 7.10.1.0–7.10.1.50. The issue arises from improper neutralization of special elements in OS commands, allowing a high-privileged, local attacker to execute arb...
CVE-2025-43908
Dell PowerProtect Data Domain (DD OS) is affected by an OS Command Injection vulnerability in Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The issue arises from improper neutralization of special elements in OS commands, potentiall...
CVE-2025-46606
Dell PowerProtect Data Domain with DD OS Feature Release versions 8.4–8.5 are affected by an improper restriction of excessive authentication attempts, which could allow a high-privilege attacker with remote access to gain unauthorized access. The vulnerability details, including affected product...
CVE-2026-23778
Affected product: Dell PowerProtect Data Domain with DD OS (Feature Release: 7.7.1.0–8.5; LTS2025: 8.3.1.0–8.3.1.20; LTS2024: 7.13.1.0–7.13.1.50). Issue: command injection vulnerability allowing a high-privilege, remote attacker to potentially gain root-level access. Impact: CVSS v3.1 base score ...
CVE-2026-24504
CVE-2026-24504 affects Dell PowerProtect Data Domain versions 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60, due to improper input validation. A high-privilege attacker with remote access could potentially exploit this to achieve arbitrary command execution with root privi...
CVE-2025-36567
Dell PowerProtect Data Domain (DD OS) is affected by an OS Command Injection vulnerability due to improper neutralization of special elements in commands. A high-privilege local attacker could execute arbitrary commands and potentially escalate to root on DD OS Feature Release 7.7.1.0–8.1.0.10, L...
CVE-2025-36568
Dell PowerProtect Data Domain BoostFS for client Feature Release versions 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50 contains an insufficiently protected credentials vulnerability. A low‑privileged attacker with local access could exploit this to obtain credentials and acce...
CVE-2025-43909
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contain a vulnerability in the DD boost component due to use of a broken or risky cryptographic algorithm. An unauthenticated, remote attacker could exploit...
CVE-2025-43911
Dell PowerProtect Data Domain (DD OS) feature releases and LTS lines are affected by an OS command injection vulnerability in multiple versions, caused by improper neutralization of special elements in OS commands. A high-privilege attacker with local access could achieve arbitrary command execut...
CVE-2025-46605
Dell PowerProtect Data Domain (DD OS Feature Release 8.4–8.5) contains a session fixation vulnerability that could allow a high-privilege attacker with remote access to gain unauthorized access. A Dell security update (DSA-2026-060) has been released to address this issue; apply the Dell patch to...
CVE-2025-46607
Dell PowerProtect Data Domain running DD OS Feature Release versions 8.4–8.5 contains an improper authentication vulnerability. A high-privileged attacker with remote access could potentially achieve unauthorized access to the system. The available documents do not specify affected versions beyon...
CVE-2026-22761
CVE-2026-22761 affects Dell PowerProtect Data Domain, versions 8.5–8.6. A vulnerability described as a command injection could allow a high-privileged, remote attacker to execute arbitrary commands with root privileges. The issue is documented across multiple sources (NVD/Red Hat/EUVD/NVD mirrors...
CVE-2025-43890
Dell PowerProtect Data Domain with DD OS feature releases from 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 contains an OS command injection vulnerability (Improper Neutralization of Special Elements used in an OS Command). A high-privilege local a...
CVE-2025-43891
CVE-2025-43891 affects Dell PowerProtect Data Domain products running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. The vulnerability is a use of a Broken or Risky Cryptographic Algorithm in the Authentication process, allowin...
CVE-2025-43910
Dell PowerProtect Data Domain products running DD OS Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60 contain a Stack-based Buffer Overflow in the DDSH CLI. The vulnerability allows a high-privileged, local attacker to trigger a Denial...
CVE-2025-43912
Dell PowerProtect Data Domain and DD OS versions are affected by a heap-based buffer overflow vulnerability. Affected releases include Feature Release 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS 2023 7.10.1.0–7.10.1.60. The issue can be triggered by an unauthenticated, ...
CVE-2025-43914
Dell PowerProtect Data Domain BoostFS for Linux is affected on multiple releases (Ubuntu Feature Releases 7.7.1.0–8.3.0.15; LTS 2025: 8.3.1.0; LTS 2024: 7.13.1.0–7.13.1.30; LTS 2023: 7.10.1.0–7.10.1.60). Issue: Incorrect Privilege Allocation allowing a local, low-privilege attacker to achieve una...
CVE-2025-43906
Dell PowerProtect Data Domain (DD OS) affected releases include 7.7.1.0–8.3.0.15, 8.3.1.0 (DD OS LTS2025), 7.13.1.0–7.13.1.30 (LTS2024), and 7.10.1.0–7.10.1.60 (LTS2023). The issue is an Improper Neutralization of Special Elements used in OS Commands (OS Command Injection) that could allow a high...
CVE-2025-43907
CVE-2025-43907 affects Dell PowerProtect Data Domain with DD OS feature releases 7.7.1.0–8.3.0.15, LTS2025 8.3.1.0, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60. Description from PT-2025-41149 confirms a Path Traversal issue where the sequence '.../...//' can be exploited by a remot...
CVE-2025-43934
Dell PowerProtect Data Domain and DD OS (various releases) are affected by a Path Traversal vulnerability caused by an improper limitation of a pathname to a restricted directory. A high-privilege attacker with local access could trigger a denial of service and unauthorized access. Affected versi...
CVE-2026-26951
CVE-2026-26951 affects Dell PowerProtect Data Domain. The advisory states a stack-based buffer overflow in the product affecting: 7.7.1.0–8.6, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.60. The vulnerability could be exploited by a high-privilege attacker with local access to achieve a...
CVE-2026-53479
Dell PowerProtect Data Domain is affected: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an OS command injection due to improper neutralization of special elements. A remote high-privileged attacker could exploit this to bypass pr...
CVE-2025-43889
Dell PowerProtect Data Domain (DD OS) components are affected across Feature Release 7.7.1.0–8.4, LTS2024 7.13.1.0–7.13.1.30, and LTS2023 7.10.1.0–7.10.1.60 by an Unauthenticated Path Traversal in the UI that can expose information via remote access. The issue is described as an improper limitati...
CVE-2025-46644
Dell PowerProtect Data Domain (DD OS) affected ranges: Feature Release 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, LTS2023 7.10.1.0–7.10.1.70. Description: OS Command Injection vulnerability due to improper neutralization of special elements in commands. Impact: a highly privil...
CVE-2025-46676
Dell PowerProtect Data Domain (DD OS) versions 7.7.1.0–8.4.0.0; LTS2025 8.3.1.10; LTS2024 7.13.1.0–7.13.1.40; LTS2023 7.10.1.0–7.10.1.70 contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high-privilege attacker with remote access could disclose information. Re...
CVE-2026-23775
Affected product/versions: Dell PowerProtect Data Domain appliances running DD OS Feature Release 8.0–8.5 and LTS2025 8.3.1.0–8.3.1.10. Vulnerability and root cause: In DD OS, an insertion of sensitive information into a log file. The provided documents do not specify the exact code path but indi...
CVE-2026-23779
CVE-2026-23779 affects Dell PowerProtect Data Domain running DD OS. Versions: Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50. Description: a command injection vulnerability where a high-privileged attacker with local access could potentially obtain root-level ac...
CVE-2025-46643
Dell PowerProtect Data Domain running DD OS Feature Releases 7.7.1.0–8.4.0.0, LTS2025 8.3.1.10, LTS2024 7.13.1.0–7.13.1.40, and LTS 2023 7.10.1.0–7.10.1.70 contains a Heap-based Buffer Overflow. A high-privilege attacker with local access could exploit this to cause a Denial of Service. Remediati...
CVE-2026-53482
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could exploit this to cause a denial of service . Exploitat...
CVE-2026-56086
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an Incorrect Authorization vulnerability. A low-privileged, remote attacker could potentially gain unauthorized access. The CVE description provides ...
CVE-2026-41122
CVE-2026-41122 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could exploit this to cause informatio...
CVE-2026-53480
Dell PowerProtect Data Domain (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains a path traversal vulnerability due to an improper limitation of a pathname to a restricted directory. A high-privilege attacker with remote access could po...