Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Dell

#c550e75a-17ff-4988-97f0-544cde3820fe
PolicyEmail

Short Name

dell

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

dell.com

Country

USA

Scope

Dell, Dell EMC, and VCE issues only.
Reported CVEsVendorsProductsReports
1999Vulnerabilities found
CVE-2025-36564
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.24%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 14:41
Updated-04 Jun, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Action-Not Available
Vendor-Dell Inc.
Product-Encryption Admin Utilities
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2025-32752
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 0.72%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 18:53
Updated-12 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2025-36572
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.30%
||
7 Day CHG~0.00%
Published-28 May, 2025 | 16:14
Updated-09 Jun, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_5000tpowerstore_1200tpowerstore_9000tpowerstore_9200tpowerstore_500tpowerstore_7000tpowerstore_3200tpowerstore_1000tpowerstore_3000tpowerstore_3200qpowerstore_5200tpowerstoreosPowerStore
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-26481
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.64%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 19:03
Updated-11 Jul, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30476
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.55%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 18:45
Updated-16 May, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-PowerScale InsightIQ
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-30475
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.11% / 29.85%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 18:40
Updated-16 May, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-PowerScale InsightIQ
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-27695
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.54%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 19:06
Updated-11 Jul, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-30101
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 4.14%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 17:44
Updated-16 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-30102
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.23%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 17:40
Updated-16 May, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-22476
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:08
Updated-07 May, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-Dell Storage Center - Dell Storage Manager
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-22477
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.12% / 31.34%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 16:03
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-287
Improper Authentication
CVE-2025-22478
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.09% / 25.63%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:55
Updated-13 May, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2025-22479
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:46
Updated-13 May, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-23379
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.04% / 10.18%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:25
Updated-13 May, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-23377
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.2||MEDIUM
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:38
Updated-13 May, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2025-23376
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.03% / 5.10%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:34
Updated-13 May, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager Reporting
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23375
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.81%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 14:28
Updated-13 May, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_managerPowerProtect Data Manager
CWE ID-CWE-648
Incorrect Use of Privileged APIs
CVE-2025-26477
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.54%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 11:45
Updated-01 Aug, 2025 | 21:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Input Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECS
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26478
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.1||LOW
EPSS-0.02% / 3.21%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 11:37
Updated-01 Aug, 2025 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageobjectscaleECS
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-30100
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 01:10
Updated-18 Apr, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-Alienware Command Center (AWCC)
CWE ID-CWE-284
Improper Access Control
CVE-2025-29984
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.13%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 03:38
Updated-15 Aug, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agentDell Trusted Device Client
CWE ID-CWE-284
Improper Access Control
CVE-2025-29983
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.69%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 03:30
Updated-15 Aug, 2025 | 12:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-trusted_device_agentDell Trusted Device Client
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-26335
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.05% / 15.63%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 01:20
Updated-11 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Cyber Recovery, versions prior to 19.18.0.2, contains an Insertion of Sensitive Information Into Sent Data vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-PowerProtect Cyber Recovery
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-26479
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.1||LOW
EPSS-0.06% / 17.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:32
Updated-15 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23378
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:26
Updated-15 Jul, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information through directory listing vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-548
Exposure of Information Through Directory Listing
CVE-2025-26480
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:22
Updated-11 Jul, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-22471
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.91%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:16
Updated-15 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-26330
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7||HIGH
EPSS-0.04% / 8.75%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:10
Updated-15 Jul, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-27690
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.68%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 02:04
Updated-11 Jul, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-1393
Use of Default Password
CVE-2025-29989
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.1||LOW
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 01:55
Updated-18 Aug, 2025 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial.

Action-Not Available
Vendor-Dell Inc.
Product-precision_7820_tower_firmwareprecision_7920_tower_firmwareprecision_7920_towerprecision_5820_tower_firmwareprecision_7820_towerprecision_7865_towerprecision_5820_towerprecision_7865_tower_firmwareDell Client Platform BIOS
CWE ID-CWE-1328
Security Version Number Mutable to Older Versions
CVE-2025-29988
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 02:25
Updated-10 Apr, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-Dell Client Platform BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-29985
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.63%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 10:44
Updated-15 Jul, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-common_event_enablerCommon Event Enabler
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-29986
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.20% / 42.61%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 10:40
Updated-15 Jul, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-common_event_enablerCommon Event Enabler
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2025-27686
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.08% / 23.53%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 13:23
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-Unisphere for PowerMax
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2025-29987
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 15:18
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-DD OS 7.10DD OS 7.13PowerProtect DP Series Appliance (IDPA)DD OS 8.3
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CVE-2025-27692
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.34% / 56.38%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:24
Updated-11 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite Repository
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-27693
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 16.34%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:19
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-27694
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:12
Updated-11 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-410
Insufficient Resource Pool
CVE-2025-29982
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.82%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:06
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-277
Insecure Inherited Permissions
CVE-2025-29981
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 00:01
Updated-11 Jul, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-202
Exposure of Sensitive Information Through Data Queries
CVE-2025-24381
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.21%
||
7 Day CHG-0.06%
Published-28 Mar, 2025 | 02:23
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-24386
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.79%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:19
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24377
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.78%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:16
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24378
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.79%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:12
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24379
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.79%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:09
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24380
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.79%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:05
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-23383
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.79%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 02:01
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24385
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.78%
||
7 Day CHG-0.03%
Published-28 Mar, 2025 | 01:57
Updated-08 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-49601
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.74% / 71.88%
||
7 Day CHG-0.60%
Published-28 Mar, 2025 | 01:52
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-24382
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-1.57% / 80.77%
||
7 Day CHG-1.97%
Published-28 Mar, 2025 | 01:45
Updated-08 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 39
  • 40
  • Next