6.7
CVE-2026-35153 - Argument Injection Vulnerability in Dell PowerProtect Data Domain Allows Local Privileged Command Eβ¦
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attaβ¦
8.6
CVE-2026-6483 - Wavlink WL-WN530H4 internet.cgi snprintf os command injection
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upβ¦
6.7
CVE-2026-23779 - Command Injection Allowing Local Privileged Root Access
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with β¦
7.2
CVE-2026-23776 - Improper Certificate Validation in Dell PowerProtect Data Domain Enables Remote Privilege Escalation
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-β¦
9.5
CVE-2025-15625 - Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
Unauthenticated user is able toΒ execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
9.3
CVE-2025-15624 - Plaintext Storage of a Password in Sparx Pro Cloud Server.
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
9.3
CVE-2025-15623 - Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations
6.2
CVE-2025-15622 - Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.Β Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.
7.2
CVE-2026-23778 - Command Injection Allowing Root Access on Dell PowerProtect Data Domain
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with β¦
4.4
CVE-2026-6439 - VideoZen <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'VideoZen availaβ¦
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf() function. The 'lang' POST parameter is stored directly via update_option() without any saniβ¦