Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.3 MEDIUM
CVE-2026-35154 — "Dell PowerProtect Data Domain IDRAC Privilege Escalation Vulnerability"

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper …

| Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
9.9 CRITICAL
CVE-2026-30269 — Doorman Privilege Escalation Vulnerability

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is a…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.8 HIGH
CVE-2026-30266 — DeepCool DeepCreative Privilege Escalation Vulnerability

Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file

| Misconfiguration
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.6 MEDIUM
CVE-2026-28684 — python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-dev…

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewri…

| Path Traversal
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.7 MEDIUM
CVE-2026-26951 — Dell PowerProtect Data Domain Stack-Based Buffer Overflow Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflo…

| Memory Corruption
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.2 HIGH
CVE-2026-26943 — Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln…

Remote | Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.7 MEDIUM
CVE-2026-26942 — Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacke…

| Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
4.9 MEDIUM
CVE-2026-25525 — OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…

Remote | Path Traversal
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
8.1 HIGH
CVE-2026-25524 — OpenMage LTS's Phar Deserialization leads to Remote Code Execution

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr…

Remote | Misconfiguration
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.2 HIGH
CVE-2026-24506 — Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln…

Remote | Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.2 HIGH
CVE-2026-24505 — Dell PowerProtect Data Domain Command Injection

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,…

Remote | Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.2 HIGH
CVE-2026-24504 — Dell PowerProtect Data Domain Remote Command Execution Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation…

Remote | Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.7 MEDIUM
CVE-2026-22761 — Dell PowerProtect Data Domain Command Injection Vulnerability

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading …

| Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2025-66954 — Buffalo Link Station Authentication Bypass

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is t…

Remote | Information Disclosure
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.8 MEDIUM
CVE-2026-6652 — Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. Th…

Remote | Injection
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
4.8 MEDIUM
CVE-2026-6651 — erponline.xyz ERP Online Inventory Edit Item cross site scripting

A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item N…

Remote | Cross-Site Scripting
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.8 MEDIUM
CVE-2026-6650 — Z-BlogPHP ZBA File app_upload.php UnPack unrestricted upload

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb_users/plugin/AppCentre/app_upload.php of the component ZBA File Handler. The manipulation lead…

Remote | Misconfiguration
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
7.1 HIGH
CVE-2026-6066 — Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur wi…

Remote | Misconfiguration
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
5.9 MEDIUM
CVE-2026-41245 — Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in `LocalFolderExtractor` allows an attacker to write arbitrary files with attacker-controll…

Remote | Path Traversal
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
6.5 MEDIUM
CVE-2026-40896 — OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to a…

Remote | Authorization
Apr 20, 2026 Apr 20, 2026
Apr 20, 2026
Apr 20, 2026
Showing 20 of 6014 Results