|
1511
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacke…
|
CWE-78
OS Command
|
CVE-2026-26942
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1512
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vuln…
|
CWE-78
OS Command
|
CVE-2026-24506
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1513
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain an improper input validation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,…
|
CWE-20
Improper Input Validation
|
CVE-2026-24505
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1514
|
7.2 |
HIGH
Network
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper input validation…
|
CWE-20
Improper Input Validation
|
CVE-2026-24504
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1515
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain a command injection vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading …
|
CWE-78
OS Command
|
CVE-2026-22761
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1516
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is t…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-66954
|
2026-04-21 02:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1517
|
3.7 |
LOW
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/r…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-33877
|
2026-04-21 02:05 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1518
|
5.3 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type …
|
CWE-200
CWE-863
Information Exposure
Incorrect Authorization
|
CVE-2026-33888
|
2026-04-21 02:04 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1519
|
5.4 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color …
|
CWE-79
Cross-site Scripting
|
CVE-2026-33889
|
2026-04-21 02:03 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1520
|
5.3 |
MEDIUM
Network
|
apostrophecms
|
apostrophecms
|
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, …
|
CWE-200
Information Exposure
|
CVE-2026-39857
|
2026-04-21 02:03 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
