5.3
CVE-2026-6487 - Qihui jtbc5 CMS Code Endpoint manage.php path traversal
A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been puβ¦
5.1
CVE-2026-6486 - classroombookings User Display Name layout.php read cross site scripting
A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed remoβ¦
4.3
CVE-2026-23777 - Remote Access Sensitive Information Exposure in Dell PowerProtect Data Domain
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulneβ¦
5.9
CVE-2026-28263 - CrossβSite Scripting in Dell PowerProtect Data Domain DD OS
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker wiβ¦
7.5
CVE-2026-6507 - Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing
A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq dβ¦
6.2
CVE-2025-46606 - Improper Restriction of Excessive Authentication Attempts in Dell PowerProtect Data Domain OS
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leadingβ¦
6.2
CVE-2025-46605 - Session Fixation Vulnerability in Dell PowerProtect Data Domain
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
6.6
CVE-2025-46641 - Improper Authentication in Dell PowerProtect Data Domain 8.4-8.5
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
6.6
CVE-2025-46607 - Improper Authentication in Dell PowerProtect Data Domain Allowing Unauthorized Remote Access
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
6.7
CVE-2026-35073 - OS Command Injection Vulnerability in Dell PowerProtect Data Domain
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker wiβ¦