
CVE-2025-30483
https://notcve.org/view.php?id=CVE-2025-30483
15 Jul 2025 — Dell ECS versions prior to 3.8.1.5 / ObjectScale version 4.0.0.0 contain an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000339124/dsa-2025-242-security-update-for-dell-ecs-and-dell-objectscale-insertion-of-sensitive-information-into-log-file-vulnerability • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-36599
https://notcve.org/view.php?id=CVE-2025-36599
09 Jul 2025 — Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. • https://www.dell.com/support/kbdoc/en-us/000342158/dsa-2025-279-security-update-for-dell-powerflex-manager-platform-pfmp-proprietary-code-vulnerability • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-36600
https://notcve.org/view.php?id=CVE-2025-36600
08 Jul 2025 — Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. • https://www.dell.com/support/kbdoc/en-us/000320876/dsa-2025-205 • CWE-1257: Improper Access Control Applied to Mirrored or Aliased Memory Regions •

CVE-2025-36582
https://notcve.org/view.php?id=CVE-2025-36582
01 Jul 2025 — Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000338757/dsa-2025-268-security-update-for-dell-networker-selection-of-less-secure-algorithm-during-negotiation-vulnerability • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •

CVE-2025-36593
https://notcve.org/view.php?id=CVE-2025-36593
30 Jun 2025 — Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. • https://www.dell.com/support/kbdoc/en-us/000337238/dsa-2025-257-security-update-for-dell-openmanage-network-integration-omni-vulnerabilities • CWE-294: Authentication Bypass by Capture-replay •

CVE-2025-36595
https://notcve.org/view.php?id=CVE-2025-36595
27 Jun 2025 — Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. • https://www.dell.com/support/kbdoc/en-us/000337554/dsa-2025-235-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-and-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilit • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVE-2024-53298
https://notcve.org/view.php?id=CVE-2024-53298
20 Jun 2025 — Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends that customers upgrade at the earliest opportunity. • https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-862: Missing Authorization •

CVE-2025-32753
https://notcve.org/view.php?id=CVE-2025-32753
20 Jun 2025 — Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering. • https://www.dell.com/support/kbdoc/en-us/000326339/dsa-2025-208-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-24919 – Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability
https://notcve.org/view.php?id=CVE-2025-24919
13 Jun 2025 — A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-25215 – Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
https://notcve.org/view.php?id=CVE-2025-25215
13 Jun 2025 — An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-763: Release of Invalid Pointer or Reference •