CVSS: 9.4EPSS: 22%CPEs: 1EXPL: 0CVE-2025-24383
https://notcve.org/view.php?id=CVE-2025-24383
28 Mar 2025 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26336
https://notcve.org/view.php?id=CVE-2025-26336
21 Mar 2025 — Dell Chassis Management Controller Firmware for Dell PowerEdge FX2, version(s) prior to 2.40.200.202101130302, and Dell Chassis Management Controller Firmware for Dell PowerEdge VRTX version(s) prior to 3.41.200.202209300499, contain(s) a Stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. • https://www.dell.com/support/kbdoc/en-us/000297463/dsa-2025-123-security-update-for-dell-chassis-management-controller-firmware-for-dell-poweredge-fx2-and-vrtx-vulnerabilities • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23382
https://notcve.org/view.php?id=CVE-2025-23382
19 Mar 2025 — Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.c • https://www.dell.com/support/kbdoc/en-uk/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26475
https://notcve.org/view.php?id=CVE-2025-26475
19 Mar 2025 — Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. • https://www.dell.com/support/kbdoc/en-uk/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27688
https://notcve.org/view.php?id=CVE-2025-27688
18 Mar 2025 — Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49559
https://notcve.org/view.php?id=CVE-2024-49559
17 Mar 2025 — Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities • CWE-1393: Use of Default Password •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48828
https://notcve.org/view.php?id=CVE-2024-48828
17 Mar 2025 — Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22474
https://notcve.org/view.php?id=CVE-2025-22474
17 Mar 2025 — Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48830
https://notcve.org/view.php?id=CVE-2024-48830
17 Mar 2025 — Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48013
https://notcve.org/view.php?id=CVE-2024-48013
17 Mar 2025 — Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities • CWE-250: Execution with Unnecessary Privileges •