6.7
CVE-2026-35072 -
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileβ¦
6.9
CVE-2026-5131 - Server-Side Request Forgery in GREENmod
GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named β¦
6.7
CVE-2026-35153 - Argument Injection Vulnerability in Dell PowerProtect Data Domain Allows Local Privileged Command Eβ¦
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attaβ¦
8.6
CVE-2026-6483 - Wavlink WL-WN530H4 internet.cgi snprintf os command injection
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upβ¦
6.7
CVE-2026-23779 - Command Injection Allowing Local Privileged Root Access
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with β¦
7.2
CVE-2026-23776 - Improper Certificate Validation in Dell PowerProtect Data Domain Enables Remote Privilege Escalation
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-β¦
9.5
CVE-2025-15625 - Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server
Unauthenticated user is able toΒ execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
9.3
CVE-2025-15624 - Plaintext Storage of a Password in Sparx Pro Cloud Server.
Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pro Cloud Server creates local passwords to the users and stores them in plaintext.
9.3
CVE-2025-15623 - Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user
Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server. Unauthenticated user can retrieve database password in plaintext in certain situations
6.2
CVE-2025-15622 - Sparx Enterprise Architect Client reveals plaintext OAuth2 client secret
Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect.Β Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the plaintext secret to exchange it into an access and id tokens as part of the OpenID authentication flow.