VYPR

Vendor CVEs

Dell

All CVEs

1,538 total · sorted by risk
  • CVE-2026-27105MedApr 29, 2026
    risk 0.41cvss 6.3epss 0.00

    Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write

  • CVE-2026-35154MedApr 20, 2026
    risk 0.41cvss 6.3epss 0.00

    Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local…

  • CVE-2026-40713MedJun 2, 2026
    risk 0.40cvss 6.1epss 0.00

    Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2025-26483MedMay 22, 2026
    risk 0.40cvss 6.1epss 0.00

    Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be…

  • CVE-2025-46606MedApr 17, 2026
    risk 0.40cvss 6.2epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this…

  • CVE-2025-46605MedApr 17, 2026
    risk 0.40cvss 6.2epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized…

  • CVE-2017-14386MedDec 7, 2017
    risk 0.40cvss 6.1epss 0.01

    The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute…

  • CVE-2015-7275MedApr 10, 2017
    risk 0.40cvss 6.1epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

  • CVE-2026-28262MedJun 9, 2026
    risk 0.39cvss 6.0epss 0.00

    Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

  • CVE-2016-0887MedApr 12, 2016
    risk 0.39cvss 5.9epss 0.04

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a…

  • CVE-2015-2890MedAug 1, 2015
    risk 0.39cvss 6.0epss 0.01

    The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows…

  • CVE-2022-31231MedMay 22, 2026
    risk 0.38cvss 5.9epss 0.00

    Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.

  • CVE-2026-35157MedMay 11, 2026
    risk 0.38cvss 5.8epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability,…

  • CVE-2026-28263MedApr 17, 2026
    risk 0.38cvss 5.9epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high…

  • CVE-2018-11070MedSep 11, 2018
    risk 0.38cvss 5.9epss 0.02

    RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.

  • CVE-2016-1346MedApr 6, 2016
    risk 0.38cvss 5.9epss 0.02

    The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

  • CVE-2026-40639MedJun 9, 2026
    risk 0.37cvss 5.7epss 0.00

    Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges.

  • CVE-2025-32751MedMay 22, 2026
    risk 0.36cvss 5.5epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.

  • CVE-2025-43992MedMay 11, 2026
    risk 0.36cvss 5.6epss 0.00

    Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthenticated attacker with remote access could potentially exploit this vulnerability,…

  • CVE-2018-1189MedMar 26, 2018
    risk 0.36cvss 4.8epss 0.29

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator…

  • CVE-2016-4004MedApr 12, 2016
    risk 0.36cvss 4.9epss 0.09

    Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

  • CVE-2024-30476MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser.

  • CVE-2026-26357MedFeb 17, 2026
    risk 0.35cvss 5.4epss 0.00

    Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution…

  • CVE-2026-23861MedFeb 17, 2026
    risk 0.35cvss 5.4epss 0.00

    Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the…

  • CVE-2025-32749MedMay 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2025-32747MedMay 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

  • CVE-2026-32655MedApr 27, 2026
    risk 0.34cvss 5.3epss 0.00

    Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

  • CVE-2018-1202MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject…

  • CVE-2018-1201MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious…

  • CVE-2018-1188MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may…

  • CVE-2018-1187MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject…

  • CVE-2018-1186MedMar 26, 2018
    risk 0.34cvss 4.8epss 0.02

    Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious…

  • CVE-2025-36579MedApr 16, 2026
    risk 0.33cvss 5.1epss 0.00

    Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

  • CVE-2026-27101MedApr 1, 2026
    risk 0.31cvss 4.7epss 0.00

    Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could…

  • CVE-2018-1246MedSep 28, 2018
    risk 0.31cvss 4.7epss 0.01

    Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or Java Script code to Unisphere, which is then…

  • CVE-2025-43935MedApr 16, 2026
    risk 0.29cvss 4.4epss 0.00

    Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2026-24511MedApr 8, 2026
    risk 0.29cvss 4.4epss 0.00

    Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2026-28265MedApr 1, 2026
    risk 0.29cvss 4.4epss 0.00

    PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

  • CVE-2026-23773MedApr 29, 2026
    risk 0.28cvss 4.3epss 0.00

    Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

  • CVE-2026-23777MedApr 17, 2026
    risk 0.28cvss 4.3epss 0.00

    Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an…

  • CVE-2025-32745MedMay 22, 2026
    risk 0.27cvss 4.2epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.

  • CVE-2025-43883MedApr 16, 2026
    risk 0.27cvss 4.1epss 0.00

    Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2015-7267MedNov 27, 2017
    risk 0.27cvss 4.2epss 0.00

    Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with…

  • CVE-2025-32746MedMay 22, 2026
    risk 0.26cvss 4.0epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.

  • CVE-2016-8217LowFeb 3, 2017
    risk 0.24cvss 3.7epss 0.01

    EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12…

  • CVE-2025-46371LowMay 22, 2026
    risk 0.23cvss 3.6epss 0.00

    Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

  • CVE-2026-21422LowMar 4, 2026
    risk 0.22cvss 3.4epss 0.00

    Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass.

  • CVE-2026-32803LowMay 8, 2026
    risk 0.21cvss 3.3epss 0.00

    Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability,…

  • CVE-2026-28264LowApr 8, 2026
    risk 0.21cvss 3.3epss 0.00

    Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

  • CVE-2021-21551KEVMay 4, 2021
    risk 0.21cvss epss 0.57

    Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Page 4 of 31