Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-6487 — Qihui jtbc5 CMS Code Endpoint manage.php path traversal

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa…

| Path Traversal
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.5 HIGH
CVE-2026-6507 — Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processi…

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server config…

Remote | Memory Corruption
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
5.9 MEDIUM
CVE-2026-28263 — Dell PowerProtect Data Domain Cross-Site Scripting Vulnerability

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1…

Remote | Cross-Site Scripting
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
4.3 MEDIUM
CVE-2026-23777 — Dell PowerProtect Data Domain DD OS Unauthenticated Information Disclosure

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1…

Remote | Information Disclosure
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.6 MEDIUM
CVE-2025-46641 — Dell PowerProtect Data Domain DD OS Authentication Bypass Vulnerability

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with r…

Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.6 MEDIUM
CVE-2025-46607 — Dell PowerProtect Data Domain DD OS Improper Authentication Vulnerability

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with r…

Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.2 MEDIUM
CVE-2025-46606 — Dell PowerProtect Data Domain DD OS Authentication Bypass

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability.…

Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.2 MEDIUM
CVE-2025-46605 — Dell PowerProtect Data Domain Session Fixation Vulnerability

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote ac…

Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
0.0 NA
CVE-2026-6486 — classroombookings User Display Name layout.php read cross site scripting

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip…

| Cross-Site Scripting
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
8.3 HIGH
CVE-2026-6483 — Wavlink WL-WN530H4 internet.cgi snprintf os command injection

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. …

Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.9 MEDIUM
CVE-2026-5131 — Server-Side Request Forgery in GREENmod

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker t…

Remote | Server-Side Request Forgery
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.7 MEDIUM
CVE-2026-35153 — Dell PowerProtect Data Domain Argument Injection Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…

| Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.7 MEDIUM
CVE-2026-35074 — Dell PowerProtect Data Domain OS Command Injection

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…

| Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.7 MEDIUM
CVE-2026-35073 — Dell PowerProtect Data Domain OS Command Injection Vulnerability

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…

| Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.7 MEDIUM
CVE-2026-35072 — Dell PowerProtect Data Domain OS Command Injection

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…

| Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
6.7 MEDIUM
CVE-2026-23779 — "Dell PowerProtect Data Domain DD OS Command Injection Vulnerability"

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1…

| Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.2 HIGH
CVE-2026-23776 — Dell PowerProtect Data Domain DD OS Certificate Validation Elevation of Privileges

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1…

Remote | Authentication
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
5.3 MEDIUM
CVE-2026-6494 — Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsan…

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter…

Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
4.4 MEDIUM
CVE-2026-6439 — VideoZen <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Video…

The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videoze…

Remote | Cross-Site Scripting
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
7.2 HIGH
CVE-2026-23778 — Dell PowerProtect Data Domain DDOS Command Injection Vulnerability

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1…

Remote | Injection
Apr 17, 2026 Apr 17, 2026
Apr 17, 2026
Apr 17, 2026
Showing 20 of 6511 Results