CVSS: 8.8EPSS: %CPEs: 4EXPL: 0CVE-2025-29987
https://notcve.org/view.php?id=CVE-2025-29987
03 Apr 2025 — Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. • https://www.dell.com/support/kbdoc/en-us/000300899/dsa-2025-139-dell-technologies-powerprotect-data-domain-security-update-for-a-security-vulnerability • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27692
https://notcve.org/view.php?id=CVE-2025-27692
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27693
https://notcve.org/view.php?id=CVE-2025-27693
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27694
https://notcve.org/view.php?id=CVE-2025-27694
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-410: Insufficient Resource Pool •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29982
https://notcve.org/view.php?id=CVE-2025-29982
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-277: Insecure Inherited Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29981
https://notcve.org/view.php?id=CVE-2025-29981
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24381
https://notcve.org/view.php?id=CVE-2025-24381
28 Mar 2025 — Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft. • https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24386
https://notcve.org/view.php?id=CVE-2025-24386
28 Mar 2025 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24377
https://notcve.org/view.php?id=CVE-2025-24377
28 Mar 2025 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24378
https://notcve.org/view.php?id=CVE-2025-24378
28 Mar 2025 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •