Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-46464

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-03 Jul, 2026 | 13:32
Updated At-03 Jul, 2026 | 13:32
Rejected At-
Credits

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:03 Jul, 2026 | 13:32
Updated At:03 Jul, 2026 | 13:32
Rejected At:
â–¼CVE Numbering Authority (CNA)

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Affected Products
Vendor
Dell Inc.Dell
Product
PowerProtect Data Domain
Default Status
unaffected
Versions
Affected
  • From 0 before 8.8.0.0 or later (semver)
  • From 0 before 8.6.1.20 or later (semver)
  • From 0 before 8.3.1.40 or later (semver)
  • From 0 before 7.13.1.80 or later (semver)
Problem Types
TypeCWE IDDescription
CWECWE-59CWE-59: Improper Link Resolution Before File Access ('Link Following')
Type: CWE
CWE ID: CWE-59
Description: CWE-59: Improper Link Resolution Before File Access ('Link Following')
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
vendor-advisory
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Resource:
vendor-advisory
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:03 Jul, 2026 | 14:16
Updated At:03 Jul, 2026 | 14:16

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-59Primarysecurity_alert@emc.com
CWE ID: CWE-59
Type: Primary
Source: security_alert@emc.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilitiessecurity_alert@emc.com
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities
Source: security_alert@emc.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

63Records found

CVE-2025-30477
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.21% / 10.77%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 16:32
Updated-06 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-27695
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.60% / 44.57%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 19:06
Updated-11 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-27693
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.22% / 12.43%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:19
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26335
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.29% / 20.86%
||
7 Day CHG+0.02%
Published-11 Apr, 2025 | 01:20
Updated-14 Jan, 2026 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_cyber_recoveryPowerProtect Cyber Recovery
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-26482
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.28% / 20.12%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 21:11
Updated-16 Jan, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_t560_firmwarepoweredge_xe8640_firmwarexc_core_xc660poweredge_r7615poweredge_r6415_firmwareemc_xc_core_6420_systempoweredge_xr7620poweredge_c6520_firmwarepoweredge_xe9640poweredge_r6615_firmwarepoweredge_r750xs_firmwarepoweredge_r7725_firmwarepoweredge_r7725emc_xc_core_xc7525poweredge_r760_firmwarepoweredge_r6715poweredge_r860xc_core_xc760xapoweredge_r650_firmwareidrac9poweredge_xe9680poweredge_c6420emc_xc_core_xcxr2poweredge_t440poweredge_hs5610_firmwarepoweredge_xr7620_firmwareemc_storage_nx3240_firmwareemc_xc_core_xc6520_firmwarepoweredge_r6625_firmwarepoweredge_r240_firmwareemc_xc_core_xc650poweredge_r7525poweredge_xe2420emc_xc_core_xc750xa_firmwarepoweredge_xr2_firmwareemc_xc_core_xc940_systempoweredge_r6515poweredge_r760poweredge_r340poweredge_r260poweredge_r840_firmwarepoweredge_r6415poweredge_xr2poweredge_t360poweredge_mx840cemc_xc_core_6420_system_firmwarepoweredge_r250poweredge_xe7420_firmwarepoweredge_r260_firmwarepoweredge_r670_firmwarepoweredge_t340_firmwarepoweredge_t350poweredge_t560poweredge_xr5610poweredge_mx750c_firmwareemc_xc_core_xc740xd_systempoweredge_hs5620_firmwarepoweredge_xr4510c_firmwarepoweredge_c6615_firmwarepoweredge_r940xa_firmwarexc_core_xc760_firmwareemc_xc_core_xc450_firmwareemc_xc_core_xc750poweredge_r940xapoweredge_xr8620tpoweredge_r7625_firmwarepoweredge_xr11_firmwarepoweredge_t350_firmwarepoweredge_r840poweredge_c6525_firmwarepoweredge_mx760cpoweredge_xe9680_firmwarepoweredge_m640_firmwaredss_8440poweredge_xe7440_firmwarepoweredge_r7415_firmwarepoweredge_r6725poweredge_r940_firmwarepoweredge_xr11dss_8440_firmwarepoweredge_hs5620xc_core_xc660xspoweredge_r540_firmwarepoweredge_r640_firmwarepoweredge_r640poweredge_c4140_firmwarepoweredge_r740_firmwarepoweredge_xe8545poweredge_r750xa_firmwarepoweredge_r440_firmwarepoweredge_r740xd2emc_nx440poweredge_xr12_firmwarepoweredge_t140poweredge_r550_firmwarepoweredge_xr8610t_firmwarepoweredge_r240poweredge_r360_firmwarepoweredge_xr8610tpoweredge_r7715emc_xc_core_xc640_system_firmwarepoweredge_r750xspoweredge_xe7440poweredge_r7515_firmwarepoweredge_r7515poweredge_r770poweredge_r470_firmwarepoweredge_r350_firmwarepoweredge_t360_firmwarepoweredge_r960_firmwarepoweredge_r660poweredge_r940poweredge_r7525_firmwarepoweredge_xe8640xc_core_xc7625poweredge_r650xs_firmwarexc_core_xc660_firmwarepoweredge_r750_firmwarepoweredge_xe9680lpoweredge_mx760c_firmwarepoweredge_r760xs_firmwareemc_nx440_firmwarepoweredge_xr5610_firmwarepoweredge_r770_firmwarepoweredge_r740poweredge_c6420_firmwarepoweredge_r470emc_storage_nx3340poweredge_r6625poweredge_r760xd2poweredge_r750xapoweredge_c6620_firmwarepoweredge_r340_firmwarexc_core_xc760poweredge_c6620poweredge_r7425poweredge_r360emc_storage_nx3240emc_xc_core_xc450poweredge_r440poweredge_xr12poweredge_xe9680l_firmwareidrac9_firmwarepoweredge_r570poweredge_r540poweredge_t160poweredge_r740xdpoweredge_mx740c_firmwarepoweredge_r650xsemc_xc_core_xc750xapoweredge_r7615_firmwarepoweredge_mx840c_firmwarepoweredge_r350poweredge_r860_firmwarepoweredge_r6515_firmwarepoweredge_t550poweredge_r450_firmwarexc_core_xc7625_firmwarepoweredge_r660xs_firmwarepoweredge_mx750cpoweredge_r550poweredge_hs5610poweredge_t640_firmwareemc_xc_core_xc740xd_system_firmwarepoweredge_r760xd2_firmwarepoweredge_r760xa_firmwarepoweredge_r7715_firmwarepoweredge_t140_firmwarepoweredge_c6615poweredge_r6615emc_xc_core_xcxr2_firmwarepoweredge_r650poweredge_r6525_firmwareemc_xc_core_xc740xd2poweredge_c4140poweredge_t340poweredge_r960emc_xc_core_xc940_system_firmwarepoweredge_fc640emc_xc_core_xc650_firmwarepoweredge_r760xapoweredge_r7415poweredge_t640poweredge_xe9640_firmwarepoweredge_xe7420emc_xc_core_xc740xd2_firmwarexc_core_xc760xa_firmwarepoweredge_xr4520cpoweredge_c6520poweredge_r6525poweredge_xr4510cemc_storage_nx3340_firmwarepoweredge_r660_firmwarepoweredge_mx740cpoweredge_xe8545_firmwarepoweredge_t440_firmwarepoweredge_r6725_firmwareemc_xc_core_xc750_firmwarepoweredge_t150poweredge_xe2420_firmwarepoweredge_r7625poweredge_r250_firmwarexc_core_xc660xs_firmwarepoweredge_r450poweredge_r570_firmwarepoweredge_t550_firmwarepoweredge_t150_firmwarepoweredge_r6715_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc7525_firmwareemc_xc_core_xc640_systempoweredge_t160_firmwarepoweredge_r760xspoweredge_xr4520c_firmwarepoweredge_m640poweredge_r740xd2_firmwarepoweredge_r750poweredge_r660xsemc_xc_core_xc6520poweredge_c6525poweredge_fc640_firmwarepoweredge_xr8620t_firmwarepoweredge_r670poweredge_r7425_firmwarePowerEdge XR7620PowerEdge R860iDRAC9PowerEdge XR11PowerEdge R450PowerEdge XE8640PowerEdge R570Dell EMC XC Core XC940 SystemPowerEdge R760xaPowerEdge XR8620tPowerEdge T140PowerEdge XE7420PowerEdge XR2Dell EMC Storage NX3240PowerEdge R750XSPowerEdge R7715Dell EMC XC Core XC6520PowerEdge R6525PowerEdge M640PowerEdge R770PowerEdge R940XADell EMC XC Core XCXR2DSS 8440PowerEdge C4140PowerEdge HS5620PowerEdge R650Dell EMC Storage NX3340PowerEdge HS5610PowerEdge XR5610PowerEdge R7525Dell EMC XC Core XC740xd2PowerEdge R540Dell XC Core XC760PowerEdge C6620Dell EMC XC Core XC740xd SystemPowerEdge R760xd2Dell EMC XC Core XC7525PowerEdge R660PowerEdge T350PowerEdge R7515PowerEdge R740XDPowerEdge R760Dell EMC XC Core XC450PowerEdge C6525PowerEdge T640Dell XC Core XC660PowerEdge R960Dell EMC XC Core XC640 SystemPowerEdge T340PowerEdge R7725PowerEdge R240PowerEdge T550PowerEdge R6615PowerEdge R6725PowerEdge T560PowerEdge T440Dell XC Core XC660xsPowerEdge XE9680PowerEdge R7625PowerEdge XE9640PowerEdge XE8545PowerEdge R760xsPowerEdge XE9680LPowerEdge R550PowerEdge C6615PowerEdge FC640Dell EMC NX440Dell EMC XC Core XC750xaPowerEdge R650XSPowerEdge R940PowerEdge XR8610tPowerEdge R360PowerEdge MX760cPowerEdge R250PowerEdge T150PowerEdge MX740CPowerEdge R6515PowerEdge R660xsPowerEdge R7425PowerEdge R6415PowerEdge M640 (for PE VRTX)PowerEdge C6520PowerEdge R640PowerEdge XE2420PowerEdge XR4520cDell EMC XC Core 6420 SystemPowerEdge XE7440PowerEdge R750XAPowerEdge R440PowerEdge R6625Dell XC Core XC760xaPowerEdge R840PowerEdge XR4510cPowerEdge R470PowerEdge R670PowerEdge R350PowerEdge R750PowerEdge R6715PowerEdge XR12PowerEdge C6420PowerEdge T360Dell EMC XC Core XC650PowerEdge T160PowerEdge MX840CPowerEdge R340PowerEdge R7615PowerEdge R740XD2PowerEdge MX750CPowerEdge R740Dell EMC XC Core XC750PowerEdge R260PowerEdge R7415Dell XC Core XC7625
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2025-22397
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 30.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 18:46
Updated-21 Jan, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9idrac9_firmwareidrac10idrac10_firmwareIntegrated Dell Remote Access Controller 10 17G versionIntegrated Dell Remote Access Controller 9 15G and 16G versionsIntegrated Dell Remote Access Controller 9 14G Versions
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-23374
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.33% / 25.01%
||
7 Day CHG+0.01%
Published-30 Jan, 2025 | 04:14
Updated-07 Feb, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-enterprise_sonic_distributionEnterprise SONiC OS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-26948
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.29% / 20.81%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 17:40
Updated-19 Mar, 2026 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-Integrated Dell Remote Access Controller
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2021-21569
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.93% / 56.21%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21570
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.78% / 51.35%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21514
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-5.36% / 91.65%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-31229
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-0.71% / 49.12%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 18:40
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-29089
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.49% / 38.42%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29097
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-1.21% / 64.68%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3733
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.60% / 44.37%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 21:48
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.

Action-Not Available
Vendor-Dell Inc.ELAN Microelectronics Corporation
Product-bsafe_crypto-c-micro-editionrsa_bsafe_crypto-cRSA BSAFE MESRSA BSAFE Crypto-C Micro Edition
CWE ID-CWE-316
Cleartext Storage of Sensitive Information in Memory
CWE ID-CWE-459
Incomplete Cleanup
CVE-2023-32468
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.38% / 30.22%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 07:11
Updated-21 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.

Action-Not Available
Vendor-Dell Inc.
Product-ecs_streamerECS Streamer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-37136
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.42% / 34.10%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 05:42
Updated-05 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-path_to_powerprotectPath to Power
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-46676
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.28% / 20.20%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 15:48
Updated-05 Feb, 2026 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain with Data Domain Operating System (DD OS) Feature ReleasePowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2024PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2025PowerProtect Data Domain with Data Domain Operating System (DD OS) LTS2023
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-29173
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.35% / 26.90%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 02:51
Updated-03 Feb, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote client.

Action-Not Available
Vendor-Dell Inc.
Product-dd3300dd6400apex_protection_storagedm5500dd9400dd9910dd9410dd9900data_domain_operating_systemdd6900PowerProtect DD
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-28971
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.25% / 16.18%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 15:37
Updated-27 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterprise_update_managerUpdate Manager Plugin
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-48661
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.59% / 43.83%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:55
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_osvApp Manager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2023-32478
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9||CRITICAL
EPSS-0.45% / 35.78%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 05:34
Updated-21 Oct, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerstoreosPowerStore
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-18575
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.34% / 25.97%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 20:40
Updated-17 Sep, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Action-Not Available
Vendor-Dell Inc.
Product-command\|configureDell Command Configure (DCC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-43078
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.95%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 05:33
Updated-19 Dec, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.

Action-Not Available
Vendor-Dell Inc.
Product-inspiron_24_5410_all-in-onelatitude_5401optiplex_7770_all-in-onexps_15_9510_firmwareinspiron_7300_firmwarelatitude_3520inspiron_13_5330precision_3561_firmwarexps_17_9710_firmwareoptiplex_tower_plus_7010_firmwareprecision_7770_firmwareprecision_7560inspiron_14_plus_7430alienware_x14_r2vostro_3888optiplex_all-in-one_7410_firmwarexps_13_9315inspiron_7490vostro_3888_firmwarelatitude_5430_rugged_laptopprecision_7540optiplex_5090_small_form_factor_firmwareinspiron_15_3511_firmwarewyse_5070latitude_9420alienware_x16_r1precision_5470_firmwaredell_precision_3630_towerlatitude_5590optiplex_5080latitude_5511precision_5530_2-in-1precision_5550inspiron_7501inspiron_5502optiplex_xe4_tower_firmwarechengming_3911_firmwarevostro_14_3430_firmwarexps_17_9700inspiron_16_7630_2-in-1optiplex_3000_microoptiplex_7000_microlatitude_5300vostro_3400g3_3500optiplex_3000_tower_firmwareprecision_5530_firmwaredell_precision_3430_toweroptiplex_micro_7010_firmwarelatitude_7320latitude_7300alienware_m18_r1precision_3431_toweroptiplex_3060_firmwarelatitude_3420latitude_7490_firmwareoptiplex_tower_7010latitude_5310_2-in-1_firmwareprecision_3570inspiron_7490_firmwareinspiron_5409latitude_7400latitude_5591optiplex_5270_all-in-one_firmwareinspiron_3471latitude_5531_firmwareoptiplex_7071_firmwareinspiron_14_5410precision_3570_firmwareoptiplex_5070latitude_3400precision_5770_firmwareinspiron_14_7430_2-in-1latitude_3420_firmwareg5_5000vostro_14_5410precision_5480inspiron_14_5420_firmwareoptiplex_3090_firmwareg15_5520_firmwarelatitude_3530inspiron_7506_2-in-1_firmwarexps_13_plus_9320alienware_m16_r1optiplex_7000_small_form_factor_firmwarelatitude_7320_detachable_firmwarelatitude_9410optiplex_7400_all-in-oneoptiplex_7070optiplex_7080_firmwarevostro_16_5630latitude_5420_rugged_firmwarelatitude_5310latitude_5530precision_7680latitude_5431_firmwarelatitude_3301latitude_5420_ruggedoptiplex_7090_ultra_firmwareg16_7620precision_3450chengming_3900latitude_5495inspiron_5400latitude_7330_firmwarexps_15_9520_firmwarevostro_3020_small_desktopprecision_5680_firmwarevostro_5090precision_5560latitude_7640latitude_3190vostro_15_3520_firmwareoptiplex_5400_all-in-one_firmwarelatitude_7430_firmwarelatitude_3330_firmwarelatitude_5540universal_dock_ud22_firmware_update_utilityinspiron_3881_firmwarevostro_15_3510latitude_5521xps_9315_2-in-1optiplex_5480_all-in-one_firmwareoptiplex_7000_tower_firmwareprecision_3540precision_5570_firmwareinspiron_3910inspiron_3580_firmwarelatitude_7520optiplex_7400_all-in-one_firmwarewyse_5070_firmwarelatitude_3310latitude_5290_2-in-1g7_7700_firmwarewyse_5470_all-in-one_firmwareoptiplex_3090latitude_7290latitude_3340vostro_7620_firmwareinspiron_16_7620_2-in-1inspiron_5402latitude_5430_firmwareprecision_7540_firmwarevostro_3401_firmwarevostro_3881wyse_5470_firmwareinspiron_24_5411_all-in-one_firmwareinspiron_5593latitude_5420_firmwareprecision_3561inspiron_14_7420_2-in-1optiplex_3000_towerlatitude_5440_firmwarelatitude_3190_2-in-1_firmwarevostro_5301precision_3460_xe_small_form_factor_firmwarexps_15_9510inspiron_16_plus_7620latitude_7210_2-in-1optiplex_xe3_firmwarevostro_5880precision_3260_compactoptiplex_7070_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwareoptiplex_5270_all-in-oneoptiplex_xe3latitude_3301_firmwarelatitude_5491latitude_3140_firmwarelatitude_9520_firmwareprecision_5560_firmwarelatitude_5330vostro_3690_firmwarelatitude_5520_firmwareoptiplex_5480_all-in-oneinspiron_24_5410_all-in-one_firmwarelatitude_5400latitude_5410precision_7865_towerprecision_3541xps_8940latitude_9440_2-in-1precision_7730_firmwareprecision_3551latitude_5401_firmwareoptiplex_all-in-one_7410optiplex_3000_small_form_factor_firmwareprecision_7730inspiron_16_7610_firmwarevostro_5301_firmwarevostro_5890latitude_7230_rugged_extreme_firmwarealienware_m18_r1_firmwareoptiplex_7770_all-in-one_firmwarelatitude_5400_firmwareg16_7630latitude_5430_rugged_laptop_firmwarelatitude_9330_firmwareinspiron_7700_all-in-onevostro_3671_firmwareprecision_3440latitude_rugged_7220ex_firmwareinspiron_13_5320optiplex_7460_all_in_one_firmwarevostro_5402optiplex_tower_7010_firmwareoptiplex_7090_ultraoptiplex_7470_all-in-oneg5_5000_firmwareinspiron_3671_firmwareprecision_7960_tower_firmwareprecision_3550_firmwarelatitude_3310_firmwarevostro_3690g16_7620_firmwareprecision_3460_small_form_factor_firmwarexps_9315_2-in-1_firmwarevostro_7500latitude_7530optiplex_7490_all-in-onealienware_m15_r7precision_7740_firmwareoptiplex_5090_towervostro_15_3530g16_7630_firmwaredock_wd22tb4_firmware_update_utilityvostro_3681vostro_3591latitude_3440precision_7780latitude_7400_2-in-1_firmwarevostro_15_7510precision_3530latitude_5411_firmwarelatitude_3510_firmwareoptiplex_7070_ultrainspiron_13_5310_firmwareinspiron_3593precision_7740inspiron_15_5518_firmwareoptiplex_tower_plus_7010precision_5530latitude_7310_firmwareoptiplex_3000_thin_clientinspiron_7306_2-in-1latitude_7530_firmwarexps_13_9310_firmwarexps_13_7390_firmwarelatitude_9510optiplex_3280_all-in-oneinspiron_16_plus_7630precision_5760_firmwarevostro_14_3420precision_3580_firmwarevostro_3681_firmwarevostro_3580_firmwarevostro_5890_firmwareinspiron_3910_firmwareinspiron_5406_2-in-1precision_7760_firmwarelatitude_5300_2-in-1_firmwarexps_13_9305_firmwareinspiron_5410optiplex_7760_all-in-onevostro_15_7510_firmwareg7_7700vostro_5502latitude_3540_firmwareoptiplex_7780_all-in-oneinspiron_3501_firmwareinspiron_27_7720_all-in-one_firmwarelatitude_5300_firmwareinspiron_3880optiplex_7000_xe_microprecision_3930_rackprecision_7865_tower_firmwareprecision_7550xps_17_9720latitude_7440_firmwareoptiplex_small_form_factor_7010inspiron_15_3530_firmwareinspiron_14_plus_7420latitude_5320_firmwareprecision_3581optiplex_3080xps_13_9315_firmwareinspiron_15_3530xps_13_9300_firmwareprecision_5750optiplex_7460_all_in_oneinspiron_27_7710_all-in-one_firmwarevostro_3671precision_5570latitude_7310inspiron_14_5410_firmwarelatitude_5421_firmwarelatitude_7330_rugged_laptopinspiron_7500g15_5511precision_5760optiplex_7480_all-in-onechengming_3990_firmwareprecision_3551_firmwareinspiron_3020_small_desktop_firmwarelatitude_9430optiplex_7070_ultra_firmwarevostro_3400_firmwareoptiplex_7060latitude_7424_rugged_extremelatitude_5290_firmwareoptiplex_7480_all-in-one_firmwareg5_5090_firmwarelatitude_7390latitude_5440vostro_3500precision_3240_compactprecision_7750_firmwarelatitude_3520_firmwarevostro_3401vostro_3480_firmwarechengming_3991_firmwareinspiron_16_7630_2-in-1_firmwareprecision_5680inspiron_14_5418inspiron_7400latitude_9430_firmwareprecision_3650_tower_firmwarevostro_14_3420_firmwareinspiron_24_5411_all-in-oneoptiplex_7470_all-in-one_firmwareprecision_3630_tower_firmwarelatitude_7340_firmwarexps_13_9310_2-in-1latitude_7440intel_thunderbolt_controller_firmware_update_utilityinspiron_5400_firmwarelatitude_5424_ruggedvostro_15_3520optiplex_7760_all-in-one_firmwarelatitude_9510_2in1inspiron_7500_firmwareprecision_3541_firmwareg5_5500latitude_7330inspiron_14_5420inspiron_7506_2-in-1latitude_5330_firmwareg7_7500precision_3650_towervostro_3881_firmwarelatitude_7200_2-in-1latitude_5511_firmwarelatitude_3430_firmwareprecision_7960_towerprecision_3550inspiron_3891_firmwareoptiplex_3090_ultra_firmwareprecision_5480_firmwarexps_13_7390_2-in-1_firmwarelatitude_7420_firmwareoptiplex_5070_firmwareprecision_5860_tower_firmwarelatitude_3310_2-in-1optiplex_3090_ultraoptiplex_5090_tower_firmwarelatitude_5490vostro_5620_firmwareinspiron_16_7610latitude_7330_rugged_laptop_firmwarexps_7590latitude_3190_2-in-1optiplex_7071inspiron_3891xps_13_9305optiplex_7000_xe_micro_firmwarelatitude_9410_firmwareinspiron_7706_2-in-1_firmwarelatitude_5300_2-in-1inspiron_13_5330_firmwarelatitude_7424_rugged_extreme_firmwarelatitude_7220_rugged_extremeoptiplex_3070_firmwareg15_5511_firmwarelatitude_7410_firmwareprecision_3660optiplex_5260_all-in-onelatitude_5310_2-in-1optiplex_7090_tower_firmwarevostro_3910inspiron_15_7510_firmwareinspiron_14_5418_firmwareg5_5500_firmwareinspiron_3020_desktoplatitude_7390_firmwarelatitude_5500_firmwarelatitude_5410_firmwarelatitude_5430vostro_5090_firmwarexps_13_7390latitude_3530_firmwarelatitude_3400_firmwarevostro_3890latitude_3510precision_3560_firmwareinspiron_3880_firmwareg5_5090precision_5860_toweroptiplex_5080_firmwareinspiron_14_5430inspiron_14_7420_2-in-1_firmwarevostro_3471xps_17_9700_firmwareinspiron_3480_firmwareinspiron_15_7510latitude_5530_firmwareoptiplex_7000_micro_firmwareprecision_5470optiplex_5060_firmwareinspiron_16_5630_firmwarevostro_16_5630_firmwarevostro_3590precision_3470_firmwareoptiplex_small_form_factor_plus_7010inspiron_15_5510vostro_3020_tower_desktop_firmwareinspiron_16_plus_7620_firmwareprecision_7530_firmwarevostro_3583_firmwarelatitude_3190_firmwareoptiplex_5000_tower_firmwareoptiplex_micro_7010optiplex_xe4_towerxps_13_9300xps_15_9500latitude_5500precision_7550_firmwarelatitude_3500_firmwarechengming_3900_firmwarechengming_3991precision_3260_xe_compact_firmwareprecision_3260_xe_compactinspiron_7501_firmwareoptiplex_5090_small_form_factorg15_5510_firmwarelatitude_5290_2-in-1_firmwarelatitude_7220_rugged_extreme_firmwareinspiron_3471_firmwarelatitude_5501latitude_7400_firmwarevostro_3501vostro_5320_firmwarevostro_15_5510precision_3450_firmwarechengming_3990inspiron_15_3520_firmwareprecision_3460_small_form_factorinspiron_5301precision_3581_firmwarelatitude_5340optiplex_7090_towervostro_3583latitude_5491_firmwareprecision_3470vostro_5880_firmwareprecision_3480xps_17_9710precision_5750_firmwareoptiplex_small_form_factor_plus_7010_firmwaredock_hd22q_firmware_update_utilityoptiplex_3060optiplex_5060chengming_3988_firmwarelatitude_5520wyse_5470_all-in-onelatitude_3410_firmwareprecision_7680_firmwarevostro_13_5310_firmwareinspiron_7400_firmwareprecision_3260_compact_firmwarelatitude_7640_firmwareoptiplex_5400_all-in-onelatitude_3320precision_3530_firmwareprecision_3580latitude_3540xps_13_9310_2-in-1_firmwarealienware_x14_r2_firmwarevostro_5320vostro_3580precision_7750inspiron_3020_small_desktoplatitude_3430latitude_3320_firmwareinspiron_3580optiplex_5490_all-in-one_firmwareoptiplex_7080g15_5510inspiron_15_5518vostro_7500_firmwarevostro_14_3430xps_17_9730latitude_9330inspiron_16_7620_2-in-1_firmwareinspiron_15_3511latitude_7230_rugged_extremelatitude_9440_2-in-1_firmwarelatitude_5424_rugged_firmwareinspiron_15_3520optiplex_5000_small_form_factor_firmwarechengming_3910_firmwarelatitude_7300_firmwarelatitude_5421inspiron_16_5630latitude_9420_firmwareinspiron_24_5420_all-in-onelatitude_5510inspiron_5401_aio_firmwarewyse_5470latitude_7340optiplex_5090_micro_firmwarevostro_3501_firmwareinspiron_3593_firmwareinspiron_14_plus_7430_firmwareoptiplex_7780_all-in-one_firmwarevostro_3710_firmwareprecision_3440_firmwareprecision_5530_2-in-1_firmwareoptiplex_5000_micro_firmwareprecision_3640_firmwarelatitude_3310_2-in-1_firmwareinspiron_16_5620latitude_5320latitude_3330vostro_13_5310optiplex_7000_small_form_factorlatitude_7410xps_13_7390_2-in-1latitude_5501_firmwareprecision_3571optiplex_3280_all-in-one_firmwarexps_15_9500_firmwarelatitude_5411optiplex_5090_microvostro_3020_tower_desktopprecision_7760xps_17_9720_firmwarealienware_x16_r1_firmwareinspiron_7306_2-in-1_firmwarevostro_3500_firmwarelatitude_7320_detachablelatitude_9520inspiron_5509optiplex_5055_ryzen_apuvostro_3590_firmwareinspiron_5406_2-in-1_firmwareinspiron_27_7710_all-in-onelatitude_7420latitude_5290inspiron_7706_2-in-1precision_7670precision_5550_firmwareg7_7500_firmwareinspiron_24_5420_all-in-one_firmwarelatitude_3120_firmwarelatitude_5590_firmwareinspiron_16_plus_7630_firmwareinspiron_16_5620_firmwareprecision_7670_firmwareg15_5530inspiron_5301_firmwareinspiron_3671precision_5540precision_3571_firmwarevostro_5620inspiron_3480latitude_7520_firmwarelatitude_5431precision_3930_rack_firmwareoptiplex_3000_thin_client_firmwarevostro_3710latitude_5420precision_3480_firmwareinspiron_7300inspiron_3793_firmwareinspiron_5402_firmwareprecision_3430_tower_firmwareprecision_7560_firmwareoptiplex_micro_plus_7010latitude_3300_firmwarelatitude_3440_firmwarexps_15_9530_firmwarexps_17_9730_firmwarelatitude_7400_2-in-1precision_7770latitude_7210_2-in-1_firmwarexps_13_9310latitude_5510_firmwarelatitude_3340_firmwareinspiron_5410_firmwareoptiplex_5000_microinspiron_15_5510_firmwareinspiron_14_7430_2-in-1_firmwarevostro_5502_firmwareprecision_3540_firmwarexps_15_9530latitude_7430g3_3500_firmwareprecision_3431_tower_firmwarevostro_3471_firmwareoptiplex_3000_small_form_factoroptiplex_3080_firmwarexps_13_plus_9320_firmwarelatitude_3410optiplex_small_form_factor_7010_firmwarevostro_5402_firmwarevostro_15_3510_firmwareinspiron_7700_all-in-one_firmwareinspiron_3881optiplex_7490_all-in-one_firmwarevostro_14_5410_firmwarevostro_15_3530_firmwarelatitude_5531precision_3660_firmwarevostro_3020_small_desktop_firmwarechengming_3910optiplex_3000_micro_firmwareoptiplex_5000_small_form_factorprecision_7780_firmwarelatitude_5490_firmwarelatitude_5591_firmwareinspiron_3501inspiron_13_5310latitude_3140latitude_3500latitude_5310_firmwarelatitude_9510_2in1_firmwareinspiron_3793inspiron_27_7720_all-in-onelatitude_5540_firmwareprecision_3430_toweralienware_m15_r6vostro_3890_firmwaredock_wd19_firmware_update_utilitychengming_3988xps_15_7590latitude_3300optiplex_micro_plus_7010_firmwareprecision_5540_firmwareinspiron_5401_firmwarevostro_15_5510_firmwareprecision_3460_xe_small_form_factorxps_15_9520xps_8940_firmwarelatitude_7320_firmwareoptiplex_5490_all-in-onevostro_3480latitude_3120g15_5530_firmwareprecision_3560inspiron_5401_aiotpm_2.0_firmware_update_utilitydell_precision_3431_towerprecision_3640optiplex_5260_all-in-one_firmwarelatitude_rugged_7220exinspiron_5509_firmwareinspiron_5593_firmwarelatitude_7200_2-in-1_firmwareprecision_3630_toweralienware_m16_r1_firmwareinspiron_14_5430_firmwareinspiron_3020_desktop_firmwareoptiplex_3070inspiron_13_5320_firmwarevostro_3910_firmwarelatitude_7290_firmwareprecision_7530chengming_3911precision_5770vostro_7620dell_precision_5820_towerinspiron_5502_firmwarexps_15_7590_firmwareinspiron_5409_firmwareinspiron_14_plus_7420_firmwareg15_5520latitude_5340_firmwarelatitude_7490optiplex_7000_toweroptiplex_7060_firmwareprecision_3240_compact_firmwarelatitude_5521_firmwareoptiplex_5000_towerinspiron_5401Dell Client Platform, Dell Dock Firmwarelatitude_7320_firmwareg15_5530_firmwaredell_g7_7700_firmwarelatitude_3340_firmwareinspiron_24_5411_all-in-one_firmwarechengming_3988_firmwarelatitude_5290_firmwarelatitude_5420_firmwarealienware_m16_r1_firmwareg3_3500_firmwareg5_5090_firmwareoptiplex_3080_firmwareinspiron_3891_firmwareinspiron_13_5320_firmwarechengming_3900_firmwareinspiron_5301_firmwarelatitude_7290_firmwareoptiplex_5090_tower_firmwarealienware_x14_r2_firmwareinspiron_3593_firmwareinspiron_3880_firmwareinspiron_15_3530_firmwareprecision_3260_xe_compact_firmwarelatitude_5320_firmwareprecision_3660_firmwareoptiplex_5400_all-in-one_firmwarechengming_3991_firmwareg5_5000_firmwarealienware_m15_r7_firmwarealienware_m15_r6_firmwarelatitude_7220_rugged_extreme_firmwarelatitude_5340_firmwareoptiplex_3000_thin_client_firmwarelatitude_3420_firmwareprecision_3650_tower_firmwarelatitude_5530_firmwarelatitude_9520_firmwareoptiplex_5490_all-in-one_firmwareprecision_3630_tower_firmwarelatitude_3300_firmwareinspiron_13_5330_firmwareinspiron_14_5410_firmwareoptiplex_3090_firmwareg15_5511_firmware
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-36611
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.13% / 3.14%
||
7 Day CHG+0.01%
Published-30 Jul, 2025 | 16:18
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionsecurity_management_serverSecurity Management ServerEncryption
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-44274
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 2.73%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 18:47
Updated-26 Jun, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite (WMS)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-44269
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 12:09
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-46468
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-Not Assigned
Published-03 Jul, 2026 | 12:58
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-44275
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:51
Updated-09 Jun, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

Action-Not Available
Vendor-Dell Inc.
Product-Dell/Alienware Purchased Apps
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-29983
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 3.82%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 03:30
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agentDell Trusted Device Client
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-22480
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.17% / 6.32%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 16:04
Updated-24 Sep, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_os_recoveryDell SupportAssist OS Recovery
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2026-41121
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.12% / 2.51%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 18:48
Updated-01 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Device Management Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-39246
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.6||MEDIUM
EPSS-0.15% / 4.74%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 08:41
Updated-02 Aug, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowssecurity_management_serverencryptionendpoint_security_suite_enterpriseDell Encryption, Dell Endpoint Security Suite Enterprise, Dell Security Management Server (Windows)
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-32474
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.19% / 8.98%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:53
Updated-02 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28071
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 7.63%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 10:37
Updated-07 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-28065
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 9.17%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 11:04
Updated-04 Dec, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

Action-Not Available
Vendor-Microsoft CorporationDell Inc.
Product-windowsalienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-23697
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 7.46%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 07:24
Updated-21 Mar, 2025 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_intel_vpro_out_of_bandDell Command Update (DCU)
CWE ID-CWE-1386
Insecure Operation on Windows Junction / Mount Point
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-28262
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.10% / 0.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 08:41
Updated-09 Jun, 2026 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-iDRAC Tools
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-27105
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 1.18%
||
7 Day CHG~0.00%
Published-29 Apr, 2026 | 18:18
Updated-05 May, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

Action-Not Available
Vendor-Dell Inc.
Product-dell\/alienware_purchased_appsDell/Alienware Purchased Apps
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-25906
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.17% / 6.05%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 20:55
Updated-05 Mar, 2026 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-optimizerOptimizer
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-36286
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.33%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_client_consumerSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-21419
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.6||MEDIUM
EPSS-0.15% / 4.52%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 17:01
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges

Action-Not Available
Vendor-Dell Inc.
Product-Display and Peripheral Manager (Windows)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52542
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 6.64%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 11:33
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-appsyncAppSync
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52537
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 6.77%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:26
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowsdock_wd19_firmware_update_utilitylinux_kerneldock_wd22tb4_firmware_update_utilitydock_hd22q_firmware_update_utilityDell Client Platform BIOS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-52535
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.54% / 41.38%
||
7 Day CHG+0.01%
Published-25 Dec, 2024 | 14:41
Updated-29 Jan, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist for Home PCsSupportAssist for Business PCs
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-47480
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.19% / 8.69%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 01:05
Updated-04 Feb, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access.

Action-Not Available
Vendor-Dell Inc.
Product-inventory_collectorInventory Collector Client
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-39578
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 9.19%
||
7 Day CHG~0.00%
Published-31 Aug, 2024 | 07:33
Updated-03 Sep, 2024 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-5324
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.25% / 16.50%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:50
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_5401vostro_5391_firmwareprecision_3541inspiron_5583precision_7730_firmwareprecision_3541_firmwarelatitude_5401_firmwareprecision_7730inspiron_7380inspiron_5491_firmwarelatitude_5424_rugged_firmwarexps_15_9575_firmwareinspiron_14_5490inspiron_5590_firmwarevostro_3490_firmwareg7_17_7790_firmwareg7_17_7790latitude_7300_firmwareinspiron_5493inspiron_7490latitude_5400_firmwareprecision_7540wyse_5470inspiron_5390_firmwareg7_15_7590inspiron_3593_firmwareinspiron_5591inspiron_7391latitude_5490latitude_5590inspiron_5481inspiron_5494_firmwareinspiron_7390_firmwareinspiron_7580_firmwareinspiron_7786_firmwareinspiron_3583vostro_5581_firmwarevostro_3481latitude_5300inspiron_7786vostro_7590precision_5530_firmwareinspiron_5591_firmwareinspiron_3590_firmwareinspiron_3781g5_5587_firmwarelatitude_5501_firmwarevostro_15_7580_firmwarelatitude_7424_rugged_extreme_firmwarevostro_15_7580g7_7588_firmwareinspiron_7590_firmwareinspiron_7791_firmwarelatitude_7300precision_7740_firmwareg3_3579_firmwarevostro_3590_firmwareinspiron_5498inspiron_3780inspiron_7380_firmwarelatitude_3590_firmwarelatitude_7490_firmwareinspiron_7591_firmwarelatitude_7390_firmwarelatitude_5290latitude_5500_firmwareinspiron_3481inspiron_3780_firmwareinspiron_7490_firmwareg7_7588latitude_3400_firmwareprecision_3530latitude_5590_firmwarelatitude_5591inspiron_5590latitude_7400vostro_5481_firmwarevostro_5490inspiron_3593inspiron_5584xps_15_9570precision_7740g3_15_3590_firmwareinspiron_3481_firmwarelatitude_3390precision_5530g5_5090inspiron_5582inspiron_5498_firmwareprecision_5540vostro_5490_firmwareinspiron_3790_firmwareinspiron_3584_firmwareinspiron_5493_firmwareinspiron_7586inspiron_3480inspiron_3583_firmwareinspiron_7586_firmwarelatitude_3400inspiron_3480_firmwarelatitude_3490inspiron_3793_firmwareinspiron_7390vostro_3580_firmwareinspiron_3581_firmwarelatitude_3300_firmwarevostro_3590vostro_5390xps_15_9570_firmwarelatitude_3490_firmwarevostro_5590_firmwarevostro_3581_firmwarevostro_5581inspiron_3490latitude_7200_firmwareprecision_7530_firmwarevostro_3581xps_15_9575inspiron_3790vostro_3583_firmwarelatitude_5420_rugged_firmwarevostro_5391inspiron_5494latitude_7220_rugged_extreme_tablet_firmwarelatitude_3301g3_3779_firmwarelatitude_5300_firmwareinspiron_5594latitude_5420_ruggedprecision_3540_firmwareinspiron_5580latitude_7220_rugged_extreme_tabletinspiron_5582_firmwarelatitude_5500latitude_3500_firmwarevostro_3490g5_15_5590g5_15_5590_firmwareinspiron_5391wyse_5070_thin_clientinspiron_5598xps_13_9380inspiron_5480latitude_7220ex_rugged_extreme_tabletlatitude_7220ex_rugged_extreme_tablet_firmwareg7_15_7590_firmwareinspiron_5580_firmwarelatitude_5490_firmwarelatitude_5591_firmwarelatitude_3500inspiron_7791inspiron_3793latitude_5501latitude_7400_firmwareprecision_3540latitude_3590inspiron_3580_firmwareinspiron_3781_firmwareinspiron_5481_firmwarelatitude_3311_firmwareinspiron_7591xps_15_7590latitude_3300inspiron_5584_firmwareprecision_5540_firmwarevostro_5590vostro_3583vostro_3584_firmwarelatitude_5491_firmwareinspiron_5482vostro_3480latitude_7290inspiron_3493inspiron_5594_firmwareinspiron_14_5490_firmwareprecision_7540_firmwareinspiron_7391_firmwareinspiron_5593_firmwarewyse_5470_firmwareinspiron_5593inspiron_5491latitude_5290_firmwarelatitude_7424_rugged_extremeg5_5587inspiron_7580inspiron_5598_firmwareinspiron_3584inspiron_5482_firmwarevostro_5390_firmwareg5_5090_firmwarevostro_5481inspiron_3493_firmwarelatitude_7390precision_3530_firmwarelatitude_3311latitude_7290_firmwareprecision_7530inspiron_5583_firmwareg3_15_3590latitude_3390_firmwarelatitude_7200inspiron_5480_firmwareinspiron_3590inspiron_5391_firmwarevostro_3480_firmwareinspiron_7590vostro_3580vostro_7590_firmwarexps_15_7590_firmwarevostro_3584inspiron_3490_firmwarexps_13_9380_firmwarewyse_5070_thin_client_firmwarelatitude_3301_firmwarelatitude_7490inspiron_5390vostro_3481_firmwareinspiron_3580latitude_5491g3_3579g3_3779inspiron_7386_firmwareinspiron_3581inspiron_7386latitude_5424_ruggedlatitude_5400Dell Client Consumer and Commercial Platforms
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-36564
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.71%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:41
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-encryptionEncryption Admin Utilities
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2024-37143
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.77% / 51.01%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 02:25
Updated-22 Jan, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerpowerflex_rack_release_certification_matrixinsightiqdata_lakehousepowerflex_appliance_intelligent_catalogDell Data LakehouseDell PowerFlex rackDell PowerFlex applianceDell PowerFlex custom nodeDell InsightIQ
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • Next
Details not found