CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36576
https://notcve.org/view.php?id=CVE-2025-36576
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36577
https://notcve.org/view.php?id=CVE-2025-36577
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36580
https://notcve.org/view.php?id=CVE-2025-36580
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36578
https://notcve.org/view.php?id=CVE-2025-36578
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-863: Incorrect Authorization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36574
https://notcve.org/view.php?id=CVE-2025-36574
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-36: Absolute Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36575
https://notcve.org/view.php?id=CVE-2025-36575
10 Jun 2025 — Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. • https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27695
https://notcve.org/view.php?id=CVE-2025-27695
08 May 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27692
https://notcve.org/view.php?id=CVE-2025-27692
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27693
https://notcve.org/view.php?id=CVE-2025-27693
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27694
https://notcve.org/view.php?id=CVE-2025-27694
02 Apr 2025 — Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. • https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135 • CWE-410: Insufficient Resource Pool •