7.2
CVE-2026-23776 - Improper Certificate Validation in Dell PowerProtect Data Domain Enables Remote Privilege Escalation
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-β¦
9.5
CVE-2025-15625 - Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
Unauthenticated user is able toΒ execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
9.3
CVE-2025-15624 - Plaintext Storage of a Password in Sparx Pro Cloud Server.
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
9.3
CVE-2025-15623 - Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations
6.2
CVE-2025-15622 - Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.Β Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.
7.2
CVE-2026-23778 - Command Injection Allowing Root Access on Dell PowerProtect Data Domain
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with β¦
4.4
CVE-2026-6439 - VideoZen <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'VideoZen availaβ¦
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf() function. The 'lang' POST parameter is stored directly via update_option() without any saniβ¦
7.6
CVE-2026-23775 - Sensitive Data Leak via Log Injection in Dell PowerProtect Data Domain
Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with remote access coβ¦
7.8
CVE-2025-36568 - Insufficiently Protected Credentials in Dell PowerProtect Data Domain BoostFS
Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with locaβ¦
7.2
CVE-2026-33392 - High Privileged User Remote Code Execution via Sandbox Bypass in JetBrains YouTrack
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass