CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36606
https://notcve.org/view.php?id=CVE-2025-36606
04 Aug 2025 — Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. Dell Unity, versión 5.5 y anteriores, presenta una vulnerabilidad de inyección de comandos del sistema operativo en su utilidad svc_nfssupport. Un atacante autenticado podría explotar esta vulnerabilidad, eludiendo el shel... • https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36605
https://notcve.org/view.php?id=CVE-2025-36605
04 Aug 2025 — Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to... • https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36604
https://notcve.org/view.php?id=CVE-2025-36604
04 Aug 2025 — Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. Dell Unity, versión 5.5 y anteriores, presenta una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo («inyección de comandos del sistema operativo»). Un ata... • https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30103
https://notcve.org/view.php?id=CVE-2025-30103
30 Jul 2025 — Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. Dell SmartFabric OS10 Software, en versiones anteriores a la 10.6.0.5, contiene una vulnerabilidad de acceso externo a archivos o directorios. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que le per... • https://www.dell.com/support/kbdoc/en-us/000346195/dsa-2025-259-security-update-for-dell-networking-os10-vulnerabilities • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36609
https://notcve.org/view.php?id=CVE-2025-36609
30 Jul 2025 — Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. El software Dell SmartFabric OS10, versiones anteriores a la 10.6.0.5, contiene una vulnerabilidad de uso de contraseñas codificadas. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que conllevaría una elevación de privilegios. • https://www.dell.com/support/kbdoc/en-us/000346195/dsa-2025-259-security-update-for-dell-networking-os10-vulnerabilities • CWE-259: Use of Hard-coded Password •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36608
https://notcve.org/view.php?id=CVE-2025-36608
30 Jul 2025 — Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. Dell SmartFabric OS10 Software, versiones anteriores a la 10.6.0.5, contiene una vulnerabilidad de restricción incorrecta de referencias a entidades externas XML. Un atacante con pocos privilegios y acceso remoto podría explotar esta vulnerabilidad... • https://www.dell.com/support/kbdoc/en-us/000346195/dsa-2025-259-security-update-for-dell-networking-os10-vulnerabilities • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30480
https://notcve.org/view.php?id=CVE-2025-30480
30 Jul 2025 — Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. Dell PowerProtect Data Manager, versiones anteriores a la 19.19, presenta una vulnerabilidad de validación de entrada incorrecta en PowerProtect Data Manager. Un atacante con pocos privilegios y acceso remoto podría aprovechar esta vulnerabilidad para leer... • https://www.dell.com/support/kbdoc/en-us/000349609/dsa-2025-304-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26332
https://notcve.org/view.php?id=CVE-2025-26332
30 Jul 2025 — TechAdvisor versions 2.6 through 3.37-30 for Dell XtremIO X2, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Las versiones 2.6 a 3.37-30 de TechAdvisor para Dell XtremIO X2 contienen una vulnerabilidad de inserción de inf... • https://www.dell.com/support/kbdoc/en-us/000337241/dsa-2025-108-security-update-for-dell-emc-xtremio-x2 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30105
https://notcve.org/view.php?id=CVE-2025-30105
30 Jul 2025 — Dell XtremIO, version(s) 6.4.0-22, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell XtremIO, versión 6.4.0-22, presenta una vulnerabilidad de inserción de información confidencial en el archivo de registro. Un atacante... • https://www.dell.com/support/kbdoc/en-us/000337241/dsa-2025-108-security-update-for-dell-emc-xtremio-x2 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36611
https://notcve.org/view.php?id=CVE-2025-36611
30 Jul 2025 — Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. Dell Encryption y Dell Security Management Server, versiones anteriores a la 11.11.0, contienen una vulnerabilidad de resolución incorrecta de enlaces antes del acceso a archivos («Seguimiento de enlaces»). Un usuario malintencionado local p... • https://www.dell.com/support/kbdoc/en-us/000347824/dsa-2025-292 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •