6.7
CVE-2026-22761 - Command Injection in Dell PowerProtect Data Domain Enabling Remote Root Execution
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
6.7
CVE-2026-26942 - OS Command Injection Allowing Root Privilege Escalation in Dell PowerProtect Data Domain
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command exec…
7.2
CVE-2026-26943 - OS Command Injection in Dell PowerProtect Data Domain Allows Root Privilege Escalation
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit…
6.6
CVE-2026-28684 - python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename…
python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewriting `.env` files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when…
8.7
CVE-2026-40488 - OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete blo…
7.2
CVE-2026-24506 - OS Command Injection in Dell PowerProtect Data Domain Enables Arbitrary Root Execution
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerabilit…
5.3
CVE-2026-40098 - OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option d…
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public `sh…
8.7
CVE-2026-41445 - KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()
KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to size_t, causing malloc(…
7.2
CVE-2026-24505 - Improper Input Validation Allows Remote Command Execution on Dell PowerProtect Data Domain
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
4.9
CVE-2026-25525 - OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter (`str_repla…