6.7

CVSS3.1

CVE-2026-26942

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command exec…

📅 Published: April 20, 2026, 4:34 p.m. 🔄 Last Modified: April 20, 2026, 4:34 p.m.

7.2

CVSS3.1

CVE-2026-26943

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit…

📅 Published: April 20, 2026, 4:28 p.m. 🔄 Last Modified: April 20, 2026, 4:28 p.m.

6.6

CVSS3.1

CVE-2026-28684 - python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename…

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when…

📅 Published: April 20, 2026, 4:25 p.m. 🔄 Last Modified: April 20, 2026, 4:25 p.m.

8.7

CVSS4.0

CVE-2026-40488 - OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete blo…

📅 Published: April 20, 2026, 4:23 p.m. 🔄 Last Modified: April 20, 2026, 4:23 p.m.

7.2

CVSS3.1

CVE-2026-24506

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit…

📅 Published: April 20, 2026, 4:22 p.m. 🔄 Last Modified: April 20, 2026, 4:22 p.m.

5.3

CVSS4.0

CVE-2026-40098 - OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option d…

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public `sh…

📅 Published: April 20, 2026, 4:19 p.m. 🔄 Last Modified: April 20, 2026, 4:19 p.m.

8.7

CVSS4.0

CVE-2026-41445 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()

KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc(…

📅 Published: April 20, 2026, 4:18 p.m. 🔄 Last Modified: April 20, 2026, 4:18 p.m.

7.2

CVSS3.1

CVE-2026-24505

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

📅 Published: April 20, 2026, 4:15 p.m. 🔄 Last Modified: April 20, 2026, 4:15 p.m.

4.9

CVSS3.1

CVE-2026-25525 - OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter (`str_repla…

📅 Published: April 20, 2026, 4:14 p.m. 🔄 Last Modified: April 20, 2026, 4:14 p.m.

8.1

CVSS3.1

CVE-2026-25524 - OpenMage LTS's Phar Deserialization leads to Remote Code Execution

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()`…

📅 Published: April 20, 2026, 4:11 p.m. 🔄 Last Modified: April 20, 2026, 4:11 p.m.