368484 matches found

CVE
added yesterday, 8 views

CVE-2026-46467

Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an insertion of sensitive information into log files. A low-privileged, local attacker could exploit this to cause information exposure. The CVE is documen...

5.8 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 11 views

CVE-2026-46468

CVE-2026-46468 affects Dell PowerProtect Data Domain: affected versions include 7.7.1.0–8.7, and specific LTS2024/2025/2026 ranges. The issue is an improper link resolution before file access (link following) that can be exploited by a high-privilege, local attacker to cause information exposure....

4.4 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 8 views

CVE-2026-56015

CVE-2026-56015 affects Net::IP::LPM versions up to 1.10 for Perl and causes a heap out-of-bounds read when a prefix length is unbounded. The vulnerable path occurs in add() -> addPrefixToTrie() where the prefix is not validated against the IPv4/IPv6 address width before walking the buffer by p...

6 AI score
Exploits: 0, References: 3
CVE
added yesterday, 6 views

CVE-2026-46730

CVE-2026-46730 affects Dell PowerProtect Data Domain: versions 7.7.1.0 through 8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain an incorrect authorization vulnerability. A high-privileged attacker with local access could potentially exploit this to ...

4.2 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 6 views

CVE-2026-59234

This CVE affects Prospero Flow CRM prior to version 5.5.3. The vulnerability lies in the CalendarDeleteEventController (app/Http/Controllers/Calendar/CalendarDeleteEventController.php), exposed at the GET endpoint /calendar/event/delete/{id}. The delete logic uses Calendar::find($id)->delete(...

6.9 CVSS, 6 AI score
Exploits: 0, References: 3
CVE
added yesterday, 7 views

CVE-2026-56085

Dell PowerProtect Data Domain is affected by CVE-2026-56085. The description indicates a use of uninitialized resource vulnerability in versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70, with a low-privileged, local attacker potentially caus...

3.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 8 views

CVE-2026-26355

Dell PowerProtect Data Domain: OS command injection vulnerability affects 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70. A high-privilege attacker with remote access could potentially achieve command execution. No explicit remediation details are prov...

6.5 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 7 views

CVE-2026-54483

CVE-2026-54483 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is described as OS command injection caused by improper neutralization of special elements in certain OS commands. A hi...

6.7 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-41123

Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an improper RBAC access control vulnerability. The issue allows a low-privileged, remote attacker to cause information tampering due to RBAC misconfigurati...

4.3 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 11 views

CVE-2026-41124

Affected product: Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70). Vulnerability: Improper restriction of a pathname to a restricted directory (path traversal) allowing a high-privileged, locally authenticated at...

2.3 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 7 views

CVE-2026-44268

Dell PowerProtect Data Domain (versions 7.7.1.0–8.6, plus LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains an incorrect permission assignment for a critical resource vulnerability. A high-privileged attacker with local access could potentially exploit this ...

4.4 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 10 views

CVE-2026-44269

CVE-2026-44269 affects Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) and is due to an improper link resolution before file access (link following). A high-privilege attacker with local access could pote...

4.4 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 10 views

CVE-2026-10055

CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...

8.5 CVSS, 6 AI score
Exploits: 0, References: 2
CVE
added yesterday, 9 views

CVE-2026-13341

Kong Konnect MCP server (before 1.0.0) is affected. A remote attacker could perform an indirect prompt injection and cause unintended API requests due to the MCP component. Impact aligns with high-severity potential exposure (CVSS 7.4); exploit details are not provided in the sources. Remediation...

7.4 CVSS, 6.1 AI score
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-12154

Technical details for CVE-2026-12154 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

Exploits: 0, References: 1
CVE
added yesterday, 10 views

CVE-2026-10054

The CVE-2026-10054 entry concerns Eclipse Theia (1.8.1 and later) where the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without proper service-level authentication. The vulnerability stems from fail-open WebSocket origin valid...

8.8 CVSS, 6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 13 views

CVE-2026-5137

The RTMKit (rometheme-for-elementor) WordPress plugin is affected by a Local File Inclusion in versions up to 2.0.7 due to insufficient path validation on the template parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. Auth...

4.3 CVSS, 6.2 AI score
Exploits: 0, References: 5
CVE
added yesterday, 12 views

CVE-2026-4322

CVE-2026-4322 describes a Reflected XSS in Raera Destekz (Raera – Ankara Web Design and Digital Advertising Agency) due to improper neutralization of input during web page generation. Affected through 02062026; vendor reports product no longer supported. CVSSv3.1 base score 6.1 (Medium): AV:N/AC:...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 1
CVE
added yesterday, 9 views

CVE-2026-4321

CVE-2026-4321 describes a SQL injection in Raera’s Destekz product (Destekz: through 02062026). Root cause: improper neutralization of special elements used in SQL commands. Impacted properties include confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Exploitation details fr...

9.8 CVSS, 6 AI score
Exploits: 0, References: 1
CVE
added yesterday, 11 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...

5.3 CVSS, 6 AI score
Exploits: 0, References: 1