Lucene search

368540 matches found

CVE, added 2 days ago, 8 views

CVE-2026-56085

Dell PowerProtect Data Domain is affected by CVE-2026-56085. The description indicates a use of uninitialized resource vulnerability in versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70, with a low-privileged, local attacker potentially caus...

CVSS 3.3, AI score 5.9, EPSS 0.00095
Exploits: 0, References: 1

CVE, added 2 days ago, 9 views

CVE-2026-26355

Dell PowerProtect Data Domain: OS command injection vulnerability affects 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70. A high-privilege attacker with remote access could potentially achieve command execution. No explicit remediation details are prov...

CVSS 6.5, AI score 6, EPSS 0.01052
Exploits: 0, References: 1

CVE, added 2 days ago, 8 views

CVE-2026-54483

CVE-2026-54483 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.6, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70. The vulnerability is described as OS command injection caused by improper neutralization of special elements in certain OS commands. A hi...

CVSS 6.7, AI score 6, EPSS 0.00482
Exploits: 0, References: 1

CVE, added 2 days ago, 7 views

CVE-2026-41123

Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an improper RBAC access control vulnerability. The issue allows a low-privileged, remote attacker to cause information tampering due to RBAC misconfigurati...

CVSS 4.3, AI score 6, EPSS 0.00152
Exploits: 0, References: 1

CVE, added 2 days ago, 13 views

CVE-2026-41124

Affected product: Dell PowerProtect Data Domain (versions 7.7.1.0–8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70). Vulnerability: Improper restriction of a pathname to a restricted directory (path traversal) allowing a high-privileged, locally authenticated at...

CVSS 2.3, AI score 5.9, EPSS 0.00124
Exploits: 0, References: 1

CVE, added 2 days ago, 8 views

CVE-2026-44268

Dell PowerProtect Data Domain (versions 7.7.1.0–8.6, plus LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contains an incorrect permission assignment for a critical resource vulnerability. A high-privileged attacker with local access could potentially exploit this ...

CVSS 4.4, AI score 6, EPSS 0.00104
Exploits: 0, References: 1

CVE, added 2 days ago, 11 views

CVE-2026-44269

CVE-2026-44269 affects Dell PowerProtect Data Domain (versions 7.7.1.0 through 8.6; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) and is due to an improper link resolution before file access (link following). A high-privilege attacker with local access could pote...

CVSS 4.4, AI score 5.9, EPSS 0.00133
Exploits: 0, References: 1

CVE, added 2 days ago, 12 views

CVE-2026-10055

CVE-2026-10055 affects Eclipse Theia (since 1.26.0). The issue arises in the backend /services/request-service RPC, which accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, then performs the HTTP request server-side and returns the full resp...

CVSS 8.5, AI score 6, EPSS 0.00297
Exploits: 0, References: 2

CVE, added 2 days ago, 11 views

CVE-2026-13341

Kong Konnect MCP server (before 1.0.0) is affected. A remote attacker could perform an indirect prompt injection and cause unintended API requests due to the MCP component. Impact aligns with high-severity potential exposure (CVSS 7.4); exploit details are not provided in the sources. Remediation...

CVSS 7.4, AI score 6.1, EPSS 0.00258
Exploits: 0, References: 1

CVE, added 2 days ago, 7 views

CVE-2026-12154

Technical details for CVE-2026-12154 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

Exploits: 0, References: 1

CVE, added 2 days ago, 11 views

CVE-2026-10054

The CVE-2026-10054 entry concerns Eclipse Theia (1.8.1 and later) where the browser backend exposes privileged terminal RPC over WebSocket (/services/shell-terminal, /services/terminals/:id) without proper service-level authentication. The vulnerability stems from fail-open WebSocket origin valid...

CVSS 8.8, AI score 6.2, EPSS 0.00159
Exploits: 0, References: 2

CVE, added 2 days ago, 14 views

CVE-2026-5137

The RTMKit (rometheme-for-elementor) WordPress plugin is affected by a Local File Inclusion in versions up to 2.0.7 due to insufficient path validation on the template parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. Auth...

CVSS 4.3, AI score 6.2, EPSS 0.00266
Exploits: 0, References: 5

CVE, added 2 days ago, 16 views

CVE-2026-4322

CVE-2026-4322 describes a Reflected XSS in Raera Destekz (Raera – Ankara Web Design and Digital Advertising Agency) due to improper neutralization of input during web page generation. Affected through 02062026; vendor reports product no longer supported. CVSSv3.1 base score 6.1 (Medium): AV:N/AC:...

CVSS 6.1, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 1

CVE, added 2 days ago, 10 views

CVE-2026-4321

CVE-2026-4321 describes a SQL injection in Raera’s Destekz product (Destekz: through 02062026). Root cause: improper neutralization of special elements used in SQL commands. Impacted properties include confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). Exploitation details fr...

CVSS 9.8, AI score 6, EPSS 0.00266
Exploits: 0, References: 1

CVE, added 2 days ago, 13 views

CVE-2026-35159

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. Affects Dell Client Platform BIOS; root cause and remediation details ar...

CVSS 5.3, AI score 6, EPSS 0.0016
Exploits: 0, References: 1

CVE, added 2 days ago, 11 views

CVE-2026-11398

The CVE concerns LatePoint for WordPress, affecting all versions up to 5.6.1. It allows unauthenticated users to bypass authorization and modify PII (first name, last name, phone, notes) of any customer record by submitting a booking form with a known email when guest bookings are enabled (is_cus...

CVSS 5.3, AI score 6, EPSS 0.00338
Exploits: 0, References: 10

CVE, added 2 days ago, 9 views

CVE-2026-9756

CVE-2026-9756 (GenerateBlocks for WordPress): The WordPress GenerateBlocks plugin is vulnerable to Stored Cross-Site Scripting (XSS) via the Headline Block’s dynamic link attribute (linkMetaFieldType) in all versions up to 2.2.1. Root cause: insufficient input sanitization and output escaping ...

CVSS 6.4, AI score 6.1, EPSS 0.00215
Exploits: 0, References: 8

CVE, added 2 days ago, 9 views

CVE-2026-4804

The Zakra WordPress theme (

CVSS 6.4, AI score 6.1, EPSS 0.00187
Exploits: 0, References: 2

CVE, added 2 days ago, 9 views

CVE-2026-11900

The CVE-2026-11900 entry concerns the WordPress plugin Ad Inserter – Ad Manager & AdSense Ads up to version 2.8.16. It is vulnerable to an Insecure Direct Object Reference via the shortcodes’ data attribute. The replace_ai_tags() function processes a {reusable-block-N} pattern by calling get_post...

CVSS 4.3, AI score 6, EPSS 0.00273
Exploits: 0, References: 10

CVE, added 2 days ago, 11 views

CVE-2026-11778

The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...

CVSS 5.4, AI score 6.3, EPSS 0.00255
Exploits: 0, References: 4