PatchSiren

Dell CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Dell CVE published 2026-06-22

CVE-2026-44273

CVE-2026-44273 is a Use of Default Credentials vulnerability in Dell Wyse Management Suite (WMS) versions prior to WMS 2605. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure. The vulnerability has a CVSS score of 6 and a severity of MEDIUM. Dell has provided a vendor advisory for mitigation. The CVE was published on 2026-06-22T20: [truncated]

HIGH Dell CVE published 2026-06-22

CVE-2026-44272

CVE-2026-44272 is a high-severity SQL injection vulnerability in Dell Wyse Management Suite (WMS) versions prior to WMS 2605. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. Dell has provided a vendor advisory for mitigation. The CVE was published on June 22 [truncated]

MEDIUM Dell CVE published 2026-06-17

CVE-2025-32748

CVE-2025-32748 is a medium-severity vulnerability in Dell PowerFlex rack, versions RCM 3.7/3.7. An unauthenticated attacker with remote access could potentially exploit this Host Header Injection vulnerability to trigger redirections. Organizations using affected versions should review and update their systems to mitigate potential risks. The CVSS score for this vulnerability is 4.3, indicating a medium s [truncated]

HIGH Dell CVE published 2026-06-17

CVE-2026-35066

CVE-2026-35066 is a HIGH-severity vulnerability in Dell PowerFlex Manager, with a CVSS score of 7.1. A low-privileged attacker with remote access could potentially exploit this Improper Access Control vulnerability, leading to a denial of service. The vulnerability was published on 2026-06-17 and modified on 2026-06-18. Dell has released a security update to address this issue. Organizations using affecte [truncated]

HIGH Dell CVE published 2026-06-17

CVE-2026-32804

CVE-2026-32804 is a HIGH-severity vulnerability in Dell PowerFlex Manager, with a CVSS score of 8.1. It allows unauthenticated attackers with adjacent network access to gain unauthorized access. Dell has released a security update to address this issue. Organizations using affected versions should prioritize patching. The vulnerability was published on June 17, 2026, and updated on June 18, 2026.

HIGH Dell CVE published 2026-06-16

CVE-2024-39575

CVE-2024-39575 is a high-severity vulnerability with a CVSS score of 7.4. The vulnerability is related to the update_disk_psu_baseline.sh script, which requires a password in plain text. The CVE was published on 2026-06-16T19:16:29.040Z and last modified on 2026-06-16T20:41:35.520Z. The vendor is currently listed as Unknown Vendor, but evidence suggests a potential link to Dell [ref-4].

HIGH Dell CVE published 2026-06-16

CVE-2024-38487

CVE-2024-38487 is a HIGH severity vulnerability with a CVSS score of 7. The api-gateway container running with root privilege allows an attacker to escape the container and access the host system to perform unintended actions.

MEDIUM Dell CVE published 2026-06-16

CVE-2024-30476

CVE-2024-30476 is a Stored Cross-Site Scripting vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, leading to script execution in the client browser. The vulnerability has a CVSS score of 5.4 and a severity of MEDIUM.

MEDIUM Dell CVE published 2026-06-16

CVE-2024-22451

CVE-2024-22451 is a MEDIUM-severity vulnerability in Dell Peripheral Manager, affecting versions from 1.5.1 to 1.7.2. The vulnerability is caused by an uncontrolled search path element, which could allow an attacker to preload a malicious executable, leading to arbitrary code execution. The CVSS score for this vulnerability is 6.7.

MEDIUM Dell CVE published 2026-06-16

CVE-2024-22447

CVE-2024-22447 is a MEDIUM-severity vulnerability in Dell Peripheral Manager, affecting versions prior to 1.7.3. The vulnerability is caused by an uncontrolled search path element, which could allow an attacker to execute arbitrary code by preloading malicious DLLs.

MEDIUM Dell CVE published 2026-06-09

CVE-2026-40639

CVE-2026-40639 is a MEDIUM-severity vulnerability in Dell Client Platform BIOS, with a CVSS score of 5.7. It involves Weak Encoding for Password, allowing an unauthenticated attacker with physical access to potentially exploit the vulnerability, leading to Elevation of Privileges.

MEDIUM Dell CVE published 2026-06-09

CVE-2026-44275

CVE-2026-44275 is a MEDIUM severity vulnerability in Dell/Alienware Purchased Apps versions prior to 1.1.32.0. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write. The vulnerability is caused by an Improper Link Resolution Before File Access ('Link Following').

MEDIUM Dell CVE published 2026-06-09

CVE-2026-41116

CVE-2026-41116 is a vulnerability in Dell Inventory Collector Client, versions prior to 13.8.0. The vulnerability is caused by an Improper Link Resolution Before File Access ('Link Following') issue. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write. The CVSS score for this vulnerability is 6.3, and the severity is classified as MEDIUM.

MEDIUM Dell CVE published 2026-06-09

CVE-2026-28262

CVE-2026-28262 is a MEDIUM-severity vulnerability in Dell iDRAC Tools, versions prior to 11.4.1.0. The vulnerability is caused by an Improper Link Resolution Before File Access ('Link Following') issue. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. The CVSS score for this vulnerability is 6. The CVE was published on 2026-06-09T0 [truncated]

HIGH Dell CVE published 2026-06-04

CVE-2025-46638

CVE-2025-46638 is a HIGH-severity vulnerability in Dell BSAFE SSL-J that an unauthenticated remote attacker could potentially exploit, leading to a Denial of Service (DoS). The vulnerability has a CVSS score of 7.5 and was published on [2026-06-04](https://www.cve.org/CVERecord?id=CVE-2025-46638).

MEDIUM Dell CVE published 2026-05-22

CVE-2022-34363

Dell Unisphere for PowerMax Virtual Appliance versions prior to 10.0.0.2 contain an authorization bypass vulnerability in the Unisphere for VMAX application running within the vApp. The flaw, classified as CWE-285 (Improper Authorization), allows an authenticated attacker with low privileges to bypass authorization controls. The vulnerability has a network attack vector with low attack complexity, requiri [truncated]

HIGH Dell CVE published 2026-05-20

CVE-2025-32750

Published on 2026-05-20, CVE-2025-32750 affects Dell PowerFlex Manager versions 4.6.2 and earlier. NVD rates the issue HIGH with a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating an unauthenticated remote attacker could potentially expose information through directory listing.

MEDIUM Dell CVE published 2026-05-20

CVE-2026-35070

CVE-2026-35070 describes a command injection weakness in Dell SmartFabric Storage Software before version 1.4.5. According to the CVE description and NVD metadata, exploitation requires local access with high privileges, but could still lead to filesystem access for the attacker. NVD currently lists the record as awaiting analysis, so organizations should treat vendor/product details as tied to the Dell a [truncated]

MEDIUM Dell CVE published 2026-05-18

CVE-2026-41119

A medium-severity vulnerability in Dell Live Optics collectors allows remote unauthenticated attackers to bypass SSL/TLS certificate validation, potentially enabling man-in-the-middle attacks that compromise data confidentiality and integrity. The vulnerability stems from improper certificate validation (CWE-295) in both Windows and Personal Edition collector software. Dell has published security advisory [truncated]

MEDIUM Dell CVE published 2026-04-20

CVE-2026-35154

CVE-2026-35154 is a Dell PowerProtect Data Domain vulnerability involving improper privilege management. According to the CVE description, a high-privileged attacker with local access could potentially elevate privileges to perform unauthorized delete operations. The issue was publicly disclosed on 2026-04-20 and later modified on 2026-05-11. The NVD record lists CVSS 3.1 severity as MEDIUM (6.3) with loc [truncated]

Known exploited Dell CVE published 2026-02-18

CVE-2026-22769

CVE-2026-22769 affects Dell RecoverPoint for Virtual Machines (RP4VMs) and is described as a use of hard-coded credentials vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-02-18 with a due date of 2026-02-21, so defenders should treat it as an urgent remediation item. The supplied corpus directs organizations to apply Dell’s mitigations, follow applicable CISA BOD 22-01 [truncated]

Known exploited Dell CVE published 2022-03-31

CVE-2021-21551

CVE-2021-21551 is a Dell dbutil Driver insufficient access control vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-31, which makes it a high-priority remediation item for defenders. Use Dell’s update guidance and verify affected systems are patched or otherwise remediated.

CRITICAL Dell CVE published 2017-02-22

CVE-2016-9684

CVE-2016-9684 is a critical network-reachable command injection issue in the SonicWall Secure Remote Access web administrative interface. The affected viewcert CGI component (/cgi-bin/viewcert) fails to properly escape the CERT value before calling system(), which can allow remote command execution. The supplied description notes that successful exploitation can yield shell access as the nobody user.

CRITICAL Dell CVE published 2017-02-22

CVE-2016-9683

CVE-2016-9683 is a critical command injection flaw in the SonicWall Secure Remote Access server web administrative interface. The vulnerable CGI component can pass an unsanitized script filename into system(), which can let a remote attacker run commands and obtain a shell as the nobody user. Public CVE disclosure is dated 2017-02-22.

CRITICAL Dell CVE published 2017-02-22

CVE-2016-9682

CVE-2016-9682 describes two remote command injection flaws in the SonicWall Secure Remote Access server web administrative interface. The issue is in the diagnostics CGI at /cgi-bin/diagnostics, where attacker-controlled values are passed to system() without proper escaping. NVD classifies the flaw as CWE-77 and assigns a CVSS v3.0 score of 9.8, reflecting network reachability, no authentication, no user [truncated]

HIGH Dell CVE published 2017-02-21

CVE-2015-4057

CVE-2015-4057 is an information-disclosure issue in the Plug-in for VMware vCenter in Dell VCE Vision Intelligent Operations before 2.6.5. When a user requests the Settings screen, the product sends a cleartext HTTP response, which can allow a network observer to recover the admin user password. NVD rates the issue HIGH with a 7.5 CVSS score, reflecting unauthenticated network exposure and confidentiality [truncated]

MEDIUM Dell CVE published 2017-02-21

CVE-2015-4056

CVE-2015-4056 describes weak cryptography in the System Library of VCE Vision Intelligent Operations before 2.6.5. According to the official vulnerability record, a local user with administrative access could leverage the flaw to discover credentials. The issue was publicly disclosed in the CVE/NVD record on 2017-02-21 and is categorized by NVD as CWE-310.

LOW Dell CVE published 2017-02-03

CVE-2016-8217

CVE-2016-8217 describes a timing-side-channel weakness in EMC RSA BSAFE Crypto-J PKCS#12 handling. The issue affects versions prior to 6.2.2 and arises because the toolkit compares a stored MAC with a calculated MAC using a non-constant-time method. NVD rates the issue LOW with CVSS 3.1 vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

MEDIUM Dell CVE published 2017-02-03

CVE-2016-8216

CVE-2016-8216 is a command injection vulnerability in Dell EMC Data Domain OS. NVD rates it 6.7 (medium) and the published advisory scope covers Data Domain OS 5.4 all versions, plus 5.5, 5.6, and 5.7 families before the fixed releases. Because the CVSS vector includes local access and high privileges, the issue is most relevant where administrative or otherwise privileged access is possible.

HIGH Dell CVE published 2017-02-03

CVE-2016-8212

CVE-2016-8212 is a high-severity certificate-validation flaw in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. The issue affects OCSP response handling: when a response omits nextUpdate, Crypto-J may treat that response as valid indefinitely instead of limiting acceptance to a short window around thisUpdate. That weakens revocation checking for affected deployments and is similar to CVE-2015-4748.

HIGH Dell CVE published 2017-02-03

CVE-2016-8211

CVE-2016-8211 is a high-severity path traversal issue affecting EMC Data Protection Advisor versions 6.1.x, 6.2, 6.2.1, 6.2.2, and 6.2.3 before patch 446. The NVD record classifies it as CWE-22 and assigns a CVSS 3.1 score of 7.5, indicating a network-reachable issue with no privileges or user interaction required and high confidentiality impact. Organizations running the affected product should treat thi [truncated]