7.2

CVSS3.1

CVE-2026-24505 - Improper Input Validation Allows Remote Command Execution on Dell PowerProtect Data Domain

Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

📅 Published: April 20, 2026, 4:15 p.m. 🔄 Last Modified: April 22, 2026, 3:56 a.m.

4.9

CVSS3.1

CVE-2026-25525 - OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter (`str_repla…

📅 Published: April 20, 2026, 4:14 p.m. 🔄 Last Modified: April 23, 2026, 5:47 p.m.

8.1

CVSS3.1

CVE-2026-25524 - OpenMage LTS's Phar Deserialization leads to Remote Code Execution

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `getimagesize()`, `file_exists()`, and `is_readable()`…

📅 Published: April 20, 2026, 4:11 p.m. 🔄 Last Modified: April 23, 2026, 5:47 p.m.

7.2

CVSS3.1

CVE-2026-24504 - Improper Input Validation Leading to Arbitrary Command Execution in Dell PowerProtect Data Domain

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnera…

📅 Published: April 20, 2026, 4:08 p.m. 🔄 Last Modified: April 22, 2026, 3:55 a.m.

5.8

CVSS3.1

CVE-2026-25883 - Vexa Webhook Feature has a SSRF Vulnerability

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on the …

📅 Published: April 20, 2026, 4:04 p.m. 🔄 Last Modified: April 23, 2026, 2:10 p.m.

7.5

CVSS3.1

CVE-2026-25058 - Vexa's unauthenticated internal transcript endpoint exposed by default

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcript data for any meeting without any authentication or…

📅 Published: April 20, 2026, 4:03 p.m. 🔄 Last Modified: April 23, 2026, 2:11 p.m.

7.2

CVSS3.1

CVE-2026-23774 - OS Command Injection Vulnerability in Dell PowerProtect Data Domain OS

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, contain an OS command injection vulnerability. A high privileged attacker w…

📅 Published: April 20, 2026, 3:58 p.m. 🔄 Last Modified: April 23, 2026, 3:19 p.m.

8.8

CVSS3.1

CVE-2026-26944 - Missing Authentication Allows Remote Root Command Execution on Dell PowerProtect Data Domain

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthenticated attacker with remote access could potentially e…

📅 Published: April 20, 2026, 3:51 p.m. 🔄 Last Modified: April 23, 2026, 1:59 p.m.

5.3

CVSS3.1

CVE-2026-24468 - OpenAEV Vulnerable to Username/Email Enumeration Through Differential HTTP Responses in Password Re…

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the system.…

📅 Published: April 20, 2026, 3:45 p.m. 🔄 Last Modified: April 22, 2026, 11:47 a.m.

9.1

CVSS3.1

CVE-2026-24467 - OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Pl…

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple security weaknesses that together allow reliable ac…

📅 Published: April 20, 2026, 3:40 p.m. 🔄 Last Modified: April 25, 2026, 6 p.m.