Dell
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Dell product.
RSS Feeds for Dell security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Dell products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Dell Sorted by Most Security Vulnerabilities since 2018
Known Exploited Dell Vulnerabilities
The following Dell vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability |
Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence. CVE-2026-22769 Exploit Probability: 13.1% |
February 18, 2026 |
| Dell dbutil Driver Insufficient Access Control Vulnerability |
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service, or information disclosure. CVE-2021-21551 Exploit Probability: 57.5% |
March 31, 2022 |
2 known exploited Dell vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 194 vulnerabilities in Dell with an average score of 6.4 out of ten. Last year, in 2025 Dell had 204 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Dell in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.39
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 194 | 6.38 |
| 2025 | 204 | 6.77 |
| 2024 | 219 | 7.07 |
| 2023 | 168 | 6.97 |
| 2022 | 129 | 7.20 |
| 2021 | 139 | 6.94 |
| 2020 | 35 | 7.45 |
| 2019 | 54 | 7.32 |
| 2018 | 57 | 7.21 |
It may take a day or so for new Dell vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Dell Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-53479 | Jul 07, 2026 |
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.8 CVE-2026-53479Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 containan improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity. |
|
| CVE-2026-53481 | Jul 07, 2026 |
CVE-2026-53481 Dell PowerProtect Data Domain 7.7.1.0-8.7 Improper Path TraversalDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
|
| CVE-2026-53483 | Jul 07, 2026 |
Dell PowerProtect Data Domain Improper Auth (v7.7.1.0-8.7)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity. |
|
| CVE-2026-49813 | Jul 03, 2026 |
Dell PowerProtect Data Domain OS Command Injection 7.7.1.0-8.7Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution. |
|
| CVE-2026-49814 | Jul 03, 2026 |
OS Command Injection in Dell PowerProtect Data Domain v7.7.1-8.7Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. |
|
| CVE-2026-49815 | Jul 03, 2026 |
Dell PowerProtect Data Domain OS Command Injection (8.7)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands. |
|
| CVE-2026-53478 | Jul 03, 2026 |
Dell PPD OS Command Injection V7.7.1.0-8.7 (CVE-2026-53478)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
|
| CVE-2026-46463 | Jul 03, 2026 |
Int Overfl Dell PowerProtect Data Domain (v7.7.1.08.7)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
|
| CVE-2026-46464 | Jul 03, 2026 |
Dell PowerProtect Data Domain v8.7 Improper Link Resolution (Link Following)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure. |
|
| CVE-2026-46465 | Jul 03, 2026 |
Dell PowerProtect Data Domain pre-8.7 format string vulnerabilityDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service. |
|
| CVE-2026-46466 | Jul 03, 2026 |
Dell PowerProtect DD: Less Trusted Source Use Vulnerability (v7.7.1-8.7, LTS2024-2026)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
|
| CVE-2026-46467 | Jul 03, 2026 |
Dell PowerProtect Data Domain log files expose sensitive info (v7.7.1.0-8.7)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
|
| CVE-2026-46468 | Jul 03, 2026 |
Dell PowerProtect Data Domain (7.7.1-8.7) Improper Link Resolution: Info ExposureDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
|
| CVE-2026-46730 | Jul 03, 2026 |
Dell PowerProtect Data Domain 7.7.1.08.7 Incorrect Auth Unauth Cmd ExecDell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution. |
|
| CVE-2026-56085 | Jul 03, 2026 |
Dell PowerProtect Data Domain Uninitialized Resource Vulnerability (<=8.7)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. |
|
| CVE-2026-26355 | Jul 03, 2026 |
Dell PowerProtect Data Domain OS Command Injection (CVE-2026-26355)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution. |
|
| CVE-2026-54483 | Jul 03, 2026 |
OS Command Injection in Dell PowerProtect Data Domain 7.7.1.0-8.6Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
|
| CVE-2026-41123 | Jul 03, 2026 |
Dell PowerProtect Data Domain 7.7.1.08.6 Improper Access Control RBACDell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering. |
|
| CVE-2026-41124 | Jul 03, 2026 |
Dell PowerProtect Data Domain Path Traversal Vulnerability 7.7.1.08.6Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. |
|
| CVE-2026-44268 | Jul 03, 2026 |
Dell PowerProtect DataDomain 7.7+ - High Priv Local Attack Unauthorized AccessDell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
|
| CVE-2026-44269 | Jul 03, 2026 |
Dell PowerProtect Data Domain Improper Link Res Before File Access (V 7.78.6)Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. |
|
| CVE-2026-35159 | Jul 03, 2026 |
Dell Client Platform BIOS Auth Bypass -> Info DisclosureDell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. |
|
| CVE-2026-41121 | Jul 01, 2026 |
Dell Device Management Agent <26.05 Improper Link Resolution CVE-2026-41121Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access ('Link Following) vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
|
| CVE-2026-40711 | Jun 26, 2026 |
OS Command Injection in Dell Container Storage Modules v2.16.0 (csi-*)Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. |
|
| CVE-2026-46735 | Jun 25, 2026 |
Dell DDPM Mac OS Cmd Injection <2.3Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. |
|
| CVE-2026-46734 | Jun 25, 2026 |
Dell DDPM Mac <2.3 Improper Cert Validation Insecure Local BypassDell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. |
|
| CVE-2026-46732 | Jun 25, 2026 |
Dell DDPM Mac <=2.3 Race Condition Elevation of PrivilegesDell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. |
|
| CVE-2026-41120 | Jun 25, 2026 |
Dell Wyse WMS 5.5 HF1 RCE via Untrusted DataDell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. |
|
| CVE-2026-49506 | Jun 25, 2026 |
Dell Wyse Management Suite 5.5 HF1 - Path Traversal RCE (CVE-2026-49506)Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution. |
|
| CVE-2026-46733 | Jun 25, 2026 |
Dell DDPM Windows <2.3 Improper Access Control Low-Priv Local Code ExecDell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. |
|
| CVE-2026-44271 | Jun 22, 2026 |
Dell Wyse Management Suite (WMS) SQLI in Versions <2605Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. |
|
| CVE-2026-44272 | Jun 22, 2026 |
Dell Wyse Mgmt Suite SQLi in WMS <2605Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. |
|
| CVE-2026-44273 | Jun 22, 2026 |
Dell WMS <=2605 Default Credentials VulnerabilityDell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure. |
|
| CVE-2026-44274 | Jun 22, 2026 |
Dell WMS Improper Link Resolution File Access L0Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
|
| CVE-2026-46461 | Jun 19, 2026 |
Dell Server HW Manager <3.2.2 Improper Access Control enabling LPEDell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
|
| CVE-2026-32652 | Jun 17, 2026 |
Dell AIOps Collector <1.18.3: Default Credentials Allow Filesystem AccessDell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version. |
|
| CVE-2025-32748 | Jun 17, 2026 |
Dell PowerFlex Rack 3.7 Host Header Injection (RCM)Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections. |
|
| CVE-2026-35069 | Jun 17, 2026 |
Dell PowerFlex Manager: SQL Injection via unsanitized input (CVE-2026-35069)Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. |
|
| CVE-2026-35068 | Jun 17, 2026 |
Dell PowerFlex Manager: SQL Injection via Improper NeutralizationDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure. |
|
| CVE-2026-35066 | Jun 17, 2026 |
Dell PowerFlex Manager Improper Access Control DoSDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
|
| CVE-2026-35067 | Jun 17, 2026 |
Dell PowerFlex Manager Improper Access Control Allows Priv EscDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access. |
|
| CVE-2026-35162 | Jun 17, 2026 |
Dell PowerFlex Manager Improper Access Control Vulnerability (CVE-2026-35162)Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service. |
|
| CVE-2026-35065 | Jun 17, 2026 |
Dell PowerFlex Manager Missing Auth Critical Function CVE-2026-35065Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access. |
|
| CVE-2026-32804 | Jun 17, 2026 |
Dell PowerFlex Manager Improper Auth Vulnerability (CVE-2026-32804)Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access. |
|
| CVE-2026-49502 | Jun 17, 2026 |
Dell PowerFlex Manager Improper Auth Enables Unauth AccessDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure, Information tampering, and Unauthorized access. |
|
| CVE-2026-22283 | Jun 17, 2026 |
Dell PowerFlex Manager (v<4.8): Untrusted Control Sphere Info DisclosureDell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
|
| CVE-2026-40641 | Jun 17, 2026 |
Dell PowerFlex Manager 4.6.0.1 Uses Weak Crypto (CVE-2026-40641)Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering. |
|
| CVE-2024-47477 | Jun 17, 2026 |
Dell PowerFlex Manager 4.5.1.1 Improper Cert Validation MITMDell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning. |
|
| CVE-2024-39575 | Jun 16, 2026 |
Dell Update_disk_psu_baseline.sh plain text password issue (CVE-2024-39575)update_disk_psu_baseline.sh requires password in plain text |
|
| CVE-2024-38487 | Jun 16, 2026 |
API Gateway Container PrivEsc via Host Access (CVE-2024-38487)api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions. |