Dell Dell

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Dell product.

RSS Feeds for Dell security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Dell Sorted by Most Security Vulnerabilities since 2018

Dell Powerscale Onefs99 vulnerabilities

Dell Wyse Management Suite56 vulnerabilities

Dell Smartfabric Os1032 vulnerabilities

Dell Unity29 vulnerabilities

Dell Secure Connect Gateway28 vulnerabilities

Dell Bsafe Micro Edition Suite28 vulnerabilities

Dell Unisphere For Powermax20 vulnerabilities

Dell Bsafe Ssl J19 vulnerabilities

Dell Powerprotect Data Manager18 vulnerabilities

Dell Alienware Command Center17 vulnerabilities

Dell Cloudlink16 vulnerabilities

Dell Objectscale13 vulnerabilities

Dell Supportassist13 vulnerabilities

Dell Command Update12 vulnerabilities

Dell Elastic Cloud Storage12 vulnerabilities

Dell Openmanage Enterprise12 vulnerabilities

Dell Networker11 vulnerabilities

Dell Bsafe Crypto J10 vulnerabilities

Dell Insightiq10 vulnerabilities

Dell Networking Os109 vulnerabilities

Dell Controlvault38 vulnerabilities

Dell Digital Delivery8 vulnerabilities

Dell Alienware Update7 vulnerabilities

Dell Appsync7 vulnerabilities

Dell Avamar Server7 vulnerabilities

Dell Repository Manager7 vulnerabilities

Dell Storage Manager7 vulnerabilities

Dell Encryption7 vulnerabilities

Dell Display Manager6 vulnerabilities

Dell Emc Appsync6 vulnerabilities

Dell Update6 vulnerabilities

Dell Thinos6 vulnerabilities

Dell Peripheral Manager6 vulnerabilities

Dell Powerstoreos5 vulnerabilities

Dell Command Monitor5 vulnerabilities

Dell Data Lakehouse5 vulnerabilities

Dell Enterprise Sonic Os5 vulnerabilities

Dell Power Manager5 vulnerabilities

Dell Unisphere 3605 vulnerabilities

Dell Common Event Enabler4 vulnerabilities

Dell Idrac94 vulnerabilities

Known Exploited Dell Vulnerabilities

The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence.
CVE-2026-22769 Exploit Probability: 13.1%
February 18, 2026
Dell dbutil Driver Insufficient Access Control Vulnerability Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure.
CVE-2021-21551 Exploit Probability: 58.1%
March 31, 2022

2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 206 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2025 Dell had 204 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.34




Year Vulnerabilities Average Score
2026 206 6.43
2025 204 6.77
2024 219 7.07
2023 168 6.97
2022 129 7.20
2021 139 6.94
2020 35 7.45
2019 54 7.32
2018 57 7.21

It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Dell Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-49501 Jul 15, 2026
Dell PowerScale OneFS 9.5.0-9.13.0.2 Improper Privilege Escalation (IPM) Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Powerscale Onefs
CVE-2026-54470 Jul 10, 2026
Dell Unisphere for PowerMax v<=10.3.0.5 XEE RCE Vulnerability Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Unisphere For Powermax
CVE-2026-54469 Jul 10, 2026
Dell Unisphere for PowerMax 10.3.0.5 Deserialization Leads to Root Exec Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.
Unisphere For Powermax
CVE-2026-54468 Jul 10, 2026
Dell Unisphere for PowerMax pre-10.3.0.5 Path Traversal File Read Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
Unisphere For Powermax
CVE-2026-56688 Jul 10, 2026
Dell PowerFlex Manager <5.1.0.1: OS Command Injection Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and lateral movement into managed infrastructure.
CVE-2026-56689 Jul 10, 2026
Dell PowerFlex Manager <=5.1.0.1 SQL Injection Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-56690 Jul 10, 2026
Dell PowerFlex Manager <5.1.0.1 SQL Injection Vulnerability Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information exposure, and Unauthorized access.
CVE-2026-53480 Jul 08, 2026
Dell PowerProtect Data Domain Path Traversal < 8.8 (LTS) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification.
CVE-2026-53482 Jul 08, 2026
Dell PowerProtect Data Domain <8.7 Integer Overflow DoS Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-56086 Jul 08, 2026
Incorrect Auth CVE-2026-56086 on Dell PowerProtect Data Domain 7.7.1-8.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-41122 Jul 08, 2026
Dell PowerProtect Data Domain XSS (stored) in Web UI v7.7.1.08.7 & LTS Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2026-53479 Jul 07, 2026
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.8 CVE-2026-53479 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 containan improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-53481 Jul 07, 2026
CVE-2026-53481 Dell PowerProtect Data Domain 7.7.1.0-8.7 Improper Path Traversal Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-53483 Jul 07, 2026
Dell PowerProtect Data Domain Improper Auth (v7.7.1.0-8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2026-49813 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.7 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-49814 Jul 03, 2026
OS Command Injection in Dell PowerProtect Data Domain v7.7.1-8.7 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVE-2026-49815 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection (8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands.
CVE-2026-53478 Jul 03, 2026
Dell PPD OS Command Injection V7.7.1.0-8.7 (CVE-2026-53478) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2026-46463 Jul 03, 2026
Int Overfl Dell PowerProtect Data Domain (v7.7.1.08.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-46464 Jul 03, 2026
Dell PowerProtect Data Domain v8.7 Improper Link Resolution (Link Following) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
CVE-2026-46465 Jul 03, 2026
Dell PowerProtect Data Domain pre-8.7 format string vulnerability Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service.
CVE-2026-46466 Jul 03, 2026
Dell PowerProtect DD: Less Trusted Source Use Vulnerability (v7.7.1-8.7, LTS2024-2026) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVE-2026-46467 Jul 03, 2026
Dell PowerProtect Data Domain log files expose sensitive info (v7.7.1.0-8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-46468 Jul 03, 2026
Dell PowerProtect Data Domain (7.7.1-8.7) Improper Link Resolution: Info Exposure Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-46730 Jul 03, 2026
Dell PowerProtect Data Domain 7.7.1.08.7 Incorrect Auth Unauth Cmd Exec Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution.
CVE-2026-56085 Jul 03, 2026
Dell PowerProtect Data Domain Uninitialized Resource Vulnerability (<=8.7) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2026-26355 Jul 03, 2026
Dell PowerProtect Data Domain OS Command Injection (CVE-2026-26355) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution.
CVE-2026-54483 Jul 03, 2026
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.0-8.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2026-41123 Jul 03, 2026
Dell PowerProtect Data Domain 7.7.1.08.6 Improper Access Control RBAC Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering.
CVE-2026-41124 Jul 03, 2026
Dell PowerProtect Data Domain Path Traversal Vulnerability 7.7.1.08.6 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-44268 Jul 03, 2026
Dell PowerProtect DataDomain 7.7+ - High Priv Local Attack Unauthorized Access Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-44269 Jul 03, 2026
Dell PowerProtect Data Domain Improper Link Res Before File Access (V 7.78.6) Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.
CVE-2026-35159 Jul 03, 2026
Dell Client Platform BIOS Auth Bypass -> Info Disclosure Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2026-41121 Jul 01, 2026
Dell Device Management Agent <26.05 Improper Link Resolution CVE-2026-41121 Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-40711 Jun 26, 2026
OS Command Injection in Dell Container Storage Modules v2.16.0 (csi-*) Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Container Storage Modules
CVE-2026-46735 Jun 25, 2026
Dell DDPM Mac OS Cmd Injection <2.3 Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
CVE-2026-46734 Jun 25, 2026
Dell DDPM Mac <2.3 Improper Cert Validation Insecure Local Bypass Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2026-46732 Jun 25, 2026
Dell DDPM Mac <=2.3 Race Condition Elevation of Privileges Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-41120 Jun 25, 2026
Dell Wyse WMS 5.5 HF1 RCE via Untrusted Data Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
Wyse Management Suite
CVE-2026-49506 Jun 25, 2026
Dell Wyse Management Suite 5.5 HF1 - Path Traversal RCE (CVE-2026-49506) Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.
Wyse Management Suite
CVE-2026-46733 Jun 25, 2026
Dell DDPM Windows <2.3 Improper Access Control Low-Priv Local Code Exec Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2026-44271 Jun 22, 2026
Dell Wyse Management Suite (WMS) SQLI in Versions <2605 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2026-44272 Jun 22, 2026
Dell Wyse Mgmt Suite SQLi in WMS <2605 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2026-44273 Jun 22, 2026
Dell WMS <=2605 Default Credentials Vulnerability Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
Wyse Management Suite
CVE-2026-44274 Jun 22, 2026
Dell WMS Improper Link Resolution File Access L0 Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Wyse Management Suite
CVE-2016-20085 Jun 19, 2026
Realtek HD Audio Driver 6.0.1.6730 Unquoted Service Path PrivEsc Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
Realtek High Definition Audio Driver
CVE-2026-46461 Jun 19, 2026
Dell Server HW Manager <3.2.2 Improper Access Control enabling LPE Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2026-32652 Jun 17, 2026
Dell AIOps Collector <1.18.3: Default Credentials Allow Filesystem Access Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version.
CVE-2025-32748 Jun 17, 2026
Dell PowerFlex Rack 3.7 Host Header Injection (RCM) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
CVE-2026-35069 Jun 17, 2026
Dell PowerFlex Manager: SQL Injection via unsanitized input (CVE-2026-35069) Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.