Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Dell

#c550e75a-17ff-4988-97f0-544cde3820fe
PolicyEmail

Short Name

dell

Program Role

CNA

Top Level Root

MITRE Corporation

Security Advisories

View Advisories

Domain

dell.com

Country

USA

Scope

Dell, Dell EMC, and VCE issues only.
Reported CVEsVendorsProductsReports
2284Vulnerabilities found

CVE-2026-56687
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.25%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 17:33
Updated-16 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2605_10.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-448
Obsolete Feature in UI
CVE-2026-56087
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 4.12%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 17:28
Updated-15 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2605_10.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-40633
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.48%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 10:07
Updated-15 Jul, 2026 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-PowerScale OneFS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-49501
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 1.29%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 10:01
Updated-16 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-54470
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.86%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 12:20
Updated-16 Jul, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermaxUnisphere for PowerMax
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-54469
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.45% / 36.53%
||
7 Day CHG+0.01%
Published-10 Jul, 2026 | 12:14
Updated-16 Jul, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermaxUnisphere for PowerMax
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-54468
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 22.16%
||
7 Day CHG+0.01%
Published-10 Jul, 2026 | 12:09
Updated-16 Jul, 2026 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermaxUnisphere for PowerMax
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-56688
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-1.29% / 66.91%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 11:57
Updated-16 Jul, 2026 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerPowerFlex Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-56689
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.7||HIGH
EPSS-0.22% / 12.49%
||
7 Day CHG+0.01%
Published-10 Jul, 2026 | 11:51
Updated-16 Jul, 2026 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerPowerFlex Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-56690
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.5||HIGH
EPSS-0.24% / 14.49%
||
7 Day CHG+0.01%
Published-10 Jul, 2026 | 11:43
Updated-16 Jul, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-powerflex_managerPowerFlex Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-53480
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.26% / 17.80%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:44
Updated-08 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-53482
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.03%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:39
Updated-09 Jul, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-56086
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.58%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:34
Updated-09 Jul, 2026 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-41122
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.20% / 10.20%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 13:26
Updated-08 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-53479
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.20% / 64.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 13:07
Updated-08 Jul, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-53481
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 46.23%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 13:02
Updated-08 Jul, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-53483
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 45.97%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 12:57
Updated-08 Jul, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-287
Improper Authentication
CVE-2026-49813
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.46% / 37.04%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:18
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49814
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.22% / 65.18%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:13
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-49815
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.86%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:09
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-53478
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-1.22% / 65.18%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 14:03
Updated-08 Jul, 2026 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-46463
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.46%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 13:42
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-46464
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.42% / 34.29%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 13:32
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-46465
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.79%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 13:16
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2026-46466
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.11% / 1.48%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 13:10
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-348
Use of Less Trusted Source
CVE-2026-46467
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.8||MEDIUM
EPSS-0.08% / 0.40%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 13:04
Updated-08 Jul, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-46468
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 3.21%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:58
Updated-08 Jul, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-46730
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.2||MEDIUM
EPSS-0.12% / 1.92%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:54
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-56085
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.10% / 0.82%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:46
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-26355
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.05% / 60.53%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:41
Updated-08 Jul, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-54483
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.45% / 36.42%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:34
Updated-08 Jul, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-41123
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 4.81%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:25
Updated-08 Jul, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-284
Improper Access Control
CVE-2026-41124
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.3||LOW
EPSS-0.13% / 2.71%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:19
Updated-08 Jul, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-44268
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 1.24%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:15
Updated-08 Jul, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-44269
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 3.21%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 12:09
Updated-08 Jul, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-35159
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 5.59%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 08:08
Updated-07 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-Vostro 15 3510OptiPlex 5090 Micro / OptiPlex 5090 Small Form Factor / OptiPlex 5090 TowerOptiPlex 3090 UltraPro 13 Premium PA13250Precision 7680Latitude 9420Inspiron 3030SChengMing 3910/3911Pro Rugged 10 TabletsInspiron 16 7630 2-in-1Precision 3460 XE Small Form Factor / Precision 3460 Small Form FactorLatitude 7420Latitude 5521Latitude 7320 DetachableLatitude 3320Inspiron 14 Plus 7420Pro Slim Essential QVS1260Precision 3490Precision 3591Vostro 14 3430Inspiron 27 7730 All-in-OneOptiPlex AIO 7420Inspiron 5410 All-in-OneVostro 3030Vostro 5620Pro Slim Plus QBS1250/Pro Slim QCS1250Inspiron 16 Plus 7630Pro Tower Plus QBT1250 / Pro Tower QCT1250Pro 16 Plus PB16255Latitude 9520OptiPlex 5000 Micro / OptiPlex 5000 Small Form Factor / OptiPlex 5000 TowerVostro 3910XPS 17 9720Latitude 7320Latitude 5540OptiPlex Micro 7010 / OptiPlex Micro Plus 7010Pro Micro/Micro Plus QCM1250/QBM1250Latitude 7440Precision 5490Latitude 7350Alienware m15 R6G15 5511Precision 7760Latitude 5340OptiPlex 7490 AIO16 Plus 2-in-1 DB06250Precision 3450Alienware X16 R2Pro Laptop PC1425024 All-in-One EC24250G15 5510Pro Micro Plus QBM1250 / Pro Micro QCM1250Pro 14 PC14250Slim ECS1250Precision 3560Pro Max 14 MC14250Inspiron 14 Plus 7430Latitude 5450ChengMing 3900Latitude 5430Pro Tower Plus QBT1250/Pro Tower QCT1250Pro 16 PC16250Alienware m18 R1Alienware x16 R1Precision 3581Inspiron 3020 DesktopAlienware 16 Aurora AC16250G15 5530PC16255Inspiron 16 5620OptiPlex SFF 7020Latitude 5320Inspiron 3020 SInspiron 13 5330Dell 14 DC14250Alienware 18 Area-51 AA18250Inspiron 15 3511Alienware Area-51 AAT2250Pro Rugged 14 RB14250Latitude 7030 Rugged ExtremePrecision 7875 TowerInspiron 14 5440OptiPlex 7090 UltraPrecision 3570Inspiron 14 5430XPS 14 9440Tower ECT1250XPS 13 9315Precision 3280 CFFPro 14 Premium PA14250Precision 3561Latitude 7450Precision 3680 TowerPro Tower Essential QVT1260Latitude 535014 Plus DB14250PC14255Pro Precision 7 T1Pro 14 Plus PB1425515 DC15250Precision 5470Precision Tower 7865Latitude 5530Alienware 16X Aurora AC16251Latitude 7230 Rugged ExtremeInspiron 16 Plus 7620OptiPlex 7000 OEM MT+Inspiron 16 5640Precision 3480Pro Slim / QCS1255OptiPlex Tower 7020Precision 3580Precision 7560Pro 14 Essential PV14250XPS 13 Plus 9320Latitude 9450Pro 13 Plus PB13250Precision 5680Alienware M18 R2Inspiron 14 5420Inspiron 7710 All-in-OnePrecision 3590Alienware m16 R1OptiPlex 7000 Micro / OptiPlex 7000 Small Form Factor / OptiPlex 7000 Tower / OptiPlex 7000 XE MicroPro Max 16 MC16255G16 7630XPS 9320Pro Laptop PC16250Latitude 7330XPS 15 9530Latitude 3340Latitude 9430OptiPlex XE4 SFFVostro 16 5640XPS 13 9340Latitude 5531XPS 14 (14 Premium) DA14250OptiPlex 3000 Micro / OptiPlex 3000 Small Form Factor / OptiPlex 3000 TowerOptiPlex 7090 TowerPro Slim Plus QBS1250 / Pro Slim QCS1250Inspiron 24 5420 All-in-OneLatitude 7430Pro 14 Plus PB14250Precision 5480Latitude 5421Precision 5570OptiPlex 5400 All-In-OneVostro 16 563016 Plus DB16250Pro Micro / QCM1255Latitude 9440 2-in-1Precision 7960 TowerInspiron 15 3520Alienware m16 R2Inspiron 16 7640 2-in-127 All-in-One EC27250Precision 5560Inspiron 16 5630Precision 7770Pro Max Tower T2 FCT2250Precision 3260 XE Compact / Precision 3260 CompactLatitude 5430 Rugged Laptop14 Plus 2-in-1 DB04250Inspiron 3030Pro Tower / QCT1255Vostro 14 3440Vostro 3020 Small DesktopPro 24 All-In-One Plus QB24250 / Pro 24 All-In-One QC24250 / Pro 24 All-In-One QC24251Latitude 7340Latitude 7330 Rugged LaptopXPS 16 9640G15 5520Precision 5690Vostro 3020 Tower DesktopOptiPlex 5490 AIOVostro 5890Precision 3650 MTLatitude 5550G16 7620Precision 5770Pro Rugged 12 TabletInspiron 24 5430 All-in-OneLatitude 5431Inspiron 27 7720 All-in-OneInspiron 14 Plus 7440Latitude 7530Alienware x14 R2Pro Rugged 13 RA13250Pro Max 14 MC14255XPS 17 9730Pro Max 16 MC16250Precision 3660Alienware Aurora ACT1250Latitude 7640Alienware 16 Area-51 AA16250Inspiron 16 Plus 7640Latitude 9330XPS 13 9350Precision 7670Pro Max Slim FCS1250Precision 5860 TowerVostro 14 3420Precision 3571Vostro 15 3530Pro Max Micro FCM2250Inspiron 14 7430 2-in-1OptiPlex Micro 7020Pro 16 Plus PB16250Precision 3470Vostro 15 3520Vostro 3030SXPS 15 9510Pro 13 Plus PB13255Precision 7780OptiPlex 3000 Thin ClientVostro 7620Alienware m15 R7Latitude 5520Latitude 7650XPS 15 9520Latitude 5330OptiPlex Tower 7010 / OptiPlex Tower Plus 7010Inspiron 15 3530XPS 16 (16 Premium) DA16250OptiPlex All-in-One 7410Latitude 7520OptiPlex Small Form Factor 7010 / OptiPlex Small Form Factor Plus 7010OptiPlex 7400 All-In-OneInspiron 14 7440 2-in-1Latitude 5440
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-41121
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.12% / 2.48%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 18:48
Updated-06 Jul, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following’) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-device_management_agentDevice Management Agent
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-40711
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8||HIGH
EPSS-0.95% / 57.42%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 12:31
Updated-26 Jun, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-Container Storage Modules
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-46735
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.69% / 48.79%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:48
Updated-25 Jun, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

Action-Not Available
Vendor-Dell Inc.
Product-Display and Peripheral Manager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-46734
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.06% / 0.02%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:43
Updated-10 Jul, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDisplay and Peripheral Manager
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-46732
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:36
Updated-10 Jul, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDisplay and Peripheral Manager
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-41120
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 16.97%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:28
Updated-26 Jun, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2026-49506
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.55% / 42.22%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:23
Updated-26 Jun, 2026 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-46733
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.11%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 13:17
Updated-10 Jul, 2026 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-display_and_peripheral_managerDisplay and Peripheral Manager
CWE ID-CWE-284
Improper Access Control
CVE-2026-44271
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.23%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 19:00
Updated-26 Jun, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite (WMS)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-44272
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.25% / 16.23%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 18:56
Updated-26 Jun, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite (WMS)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-44273
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6||MEDIUM
EPSS-0.10% / 1.22%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 18:51
Updated-26 Jun, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite (WMS)
CWE ID-CWE-1392
Use of Default Credentials
CVE-2026-44274
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.13% / 2.74%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 18:47
Updated-26 Jun, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite (WMS)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-46461
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 1.06%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 07:46
Updated-26 Jun, 2026 | 21:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Action-Not Available
Vendor-Dell Inc.
Product-server_hardware_managerServer Hardware Manager
CWE ID-CWE-284
Improper Access Control
CVE-2026-32652
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.10% / 0.95%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 15:29
Updated-23 Jun, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version.

Action-Not Available
Vendor-Dell Inc.
Product-aiops_collectorAIOps
CWE ID-CWE-1392
Use of Default Credentials
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 45
  • 46
  • Next