CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21104
https://notcve.org/view.php?id=CVE-2025-21104
13 Mar 2025 — Dell NetWorker, 19.11.0.3 and below versions, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remoter access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. • https://www.dell.com/support/kbdoc/en-us/000294392/dsa-2025-124-security-update-for-dell-networker-management-console-for-http-host-header-injection-vulnerability • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26331
https://notcve.org/view.php?id=CVE-2025-26331
07 Mar 2025 — Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 2.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51539
https://notcve.org/view.php?id=CVE-2024-51539
25 Feb 2025 — The Dell Secure Connect Gateway (SCG) Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attacker with access to the system could potentially exploit this vulnerability, leading to the disclosure of non-sensitive information that does not include any customer data. • https://www.dell.com/support/kbdoc/en-us/000289550/dsa-2024-464-security-update-for-dell-secure-connect-gateway-application-and-appliance-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 78EXPL: 0CVE-2024-52541
https://notcve.org/view.php?id=CVE-2024-52541
19 Feb 2025 — Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. • https://www.dell.com/support/kbdoc/en-us/000258429/dsa-2025-021 • CWE-1390: Weak Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21103
https://notcve.org/view.php?id=CVE-2025-21103
17 Feb 2025 — Dell NetWorker Management Console, version(s) 19.11 through 19.11.0.3 & Versions prior to 19.10.0.7 contain(s) an improper neutralization of server-side vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability and run arbitrary code on the server. • https://www.dell.com/support/kbdoc/en-us/000286268/dsa-2025-095-security-update-for-dell-networker-management-console-vulnerability • CWE-97: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22480
https://notcve.org/view.php?id=CVE-2025-22480
13 Feb 2025 — Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges. • https://www.dell.com/support/kbdoc/en-us/000275712/dsa-2025-051 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29172
https://notcve.org/view.php?id=CVE-2024-29172
12 Feb 2025 — Dell BSAFE SSL-J contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service. Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service. • https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities • CWE-833: Deadlock •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29171
https://notcve.org/view.php?id=CVE-2024-29171
12 Feb 2025 — Dell BSAFE SSL-J contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities • CWE-295: Improper Certificate Validation •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22399
https://notcve.org/view.php?id=CVE-2025-22399
11 Feb 2025 — Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Server-side request forgery • https://www.dell.com/support/kbdoc/en-us/000279299/dsa-2025-043-security-update-for-dell-ucc-edge-security-update-for-multiple-vulnerabilities • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22402
https://notcve.org/view.php?id=CVE-2025-22402
07 Feb 2025 — Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. • https://www.dell.com/support/kbdoc/en-us/000281885/dsa-2025-047-security-update-for-dell-update-manager-plugin-vulnerability • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •