Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-46606 | MEDIUM | 6.2 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication … | Apr 17, 2026 |
| CVE-2025-46605 | MEDIUM | 6.2 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high … | Apr 17, 2026 |
| CVE-2026-6483 | HIGH | 7.2 | A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. … | Apr 17, 2026 |
| CVE-2026-5131 | UNKNOWN | — | GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured … | Apr 17, 2026 |
| CVE-2026-35153 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of … | Apr 17, 2026 |
| CVE-2026-35074 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of … | Apr 17, 2026 |
| CVE-2026-35073 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of … | Apr 17, 2026 |
| CVE-2026-35072 | MEDIUM | 6.7 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of … | Apr 17, 2026 |
| CVE-2026-23779 | MEDIUM | 6.7 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2026-23776 | HIGH | 7.2 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2026-6494 | MEDIUM | 5.3 | A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to … | Apr 17, 2026 |
| CVE-2026-6439 | MEDIUM | 4.4 | The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization … | Apr 17, 2026 |
| CVE-2026-23778 | HIGH | 7.2 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2026-23775 | HIGH | 7.6 | Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 … | Apr 17, 2026 |
| CVE-2025-36568 | HIGH | 7.8 | Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through … | Apr 17, 2026 |
| CVE-2025-15625 | UNKNOWN | — | Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | Apr 17, 2026 |
| CVE-2025-15624 | UNKNOWN | — | Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. In a setup where OpenID is used as the primary … | Apr 17, 2026 |
| CVE-2025-15623 | UNKNOWN | — | Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty … | Apr 17, 2026 |
| CVE-2025-15622 | UNKNOWN | — | Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the … | Apr 17, 2026 |
| CVE-2026-6451 | MEDIUM | 4.3 | The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation … | Apr 17, 2026 |
| CVE-2026-40002 | MEDIUM | 5.0 | Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for … | Apr 17, 2026 |
| CVE-2026-33392 | HIGH | 7.2 | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | Apr 17, 2026 |
| CVE-2026-23853 | HIGH | 8.4 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 … | Apr 17, 2026 |
| CVE-2026-6443 | CRITICAL | 9.8 | The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold … | Apr 17, 2026 |
| CVE-2026-6441 | MEDIUM | 4.3 | The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any … | Apr 17, 2026 |