311
CVEs
11
Critical
138
High
1
KEV
1
PoC
100
Unpatched C/H
37.3%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
11
HIGH
138
MEDIUM
134
LOW
22
Monthly CVE Trend
Affected Products (30)
Powerscale Onefs
21
Unity Operating Environment
19
Linux Kernel
15
Smartfabric Os10
14
Powerprotect Data Manager
13
Wyse Management Suite
13
Data Domain Operating System
10
Cloudlink
8
Powerflex Manager
8
Powerflex Manager Rack
7
Alienware Command Center
7
Thinos
7
Powerflex Manager Appliance
7
Supportassist Os Recovery
5
Ubuntu
5
Objectscale
5
Elastic Cloud Storage
5
Storage Manager
5
Secure Connect Gateway
4
Networker
4
Unisphere For Powermax
4
Precision 3490 Firmware
3
Precision 3590 Firmware
3
Recoverpoint For Virtual Machines
3
Open Redirect
3
Latitude 7650 Firmware
3
Latitude 7350 Firmware
3
Latitude 5550 Firmware
3
Latitude 5350 Firmware
3
Latitude 7350 Detachable Firmware
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data. | CRITICAL | 10.0 | 34.2% | 134 |
KEV
|
| CVE-2025-24383 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.8% and no vendor patch available. | CRITICAL | 9.1 | 11.8% | 57 |
No patch
|
| CVE-2025-22398 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 1.6% | 51 |
No patch
|
| CVE-2025-27690 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.5% | 49 |
No patch
|
| CVE-2024-53298 | CVE-2024-53298 is a critical missing authorization vulnerability in Dell PowerScale OneFS NFS export functionality that allows unauthenticated remote attackers to gain unauthorized filesystem access without authentication. Affected versions range from 9.5.0.0 through 9.10.0.1, and successful exploitation enables arbitrary file read, modification, and deletion, leading to complete system compromise. With a CVSS score of 9.8 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses severe risk to unpatched Dell PowerScale deployments; KEV status and active exploitation details require vendor advisory verification. | CRITICAL | 9.8 | 0.3% | 49 |
No patch
|
| CVE-2026-40636 | Hard-coded credentials in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale <4.3.0.0 allow unauthenticated filesystem access. Despite CVSS 9.8 (network vector), the description explicitly states 'local access' is required, creating a critical discrepancy between scoring and actual attack surface. Attackers with local system access can leverage embedded credentials to gain unauthorized filesystem access. No active exploitation (CISA KEV) or public exploit confirmed at time of analysis. Dell advisory DSA-2026-047 addresses the vulnerability. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2024-48013 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.5% | 44 |
No patch
|
| CVE-2025-29987 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.4% | 44 |
No patch
|
| CVE-2025-24381 | Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.4% | 44 |
No patch
|
| CVE-2024-49559 | Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Use of Default Password vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.2% | 44 |
No patch
|
| CVE-2026-26944 | Missing authentication in Dell PowerProtect Data Domain 7.7.1.0-8.6 and LTS releases allows remote unauthenticated attackers to execute arbitrary commands with root privileges when combined with user interaction. Affects enterprise backup appliances across multiple release branches including LTS2025 (8.3.1.0-8.3.1.20) and LTS2024 (7.13.1.0-7.13.1.60). CVSS 8.8 with network vector but requires user interaction (UI:R), reducing immediate automation risk. No EPSS or KEV data available at time of analysis, indicating vulnerability is newly disclosed. Dell security advisory DSA-2026-060 confirms patch availability. | HIGH | 8.8 | 0.1% | 44 |
|
| CVE-2026-26358 | Dell Unisphere for PowerMax 10.2 lacks proper authorization checks, allowing authenticated remote attackers to bypass access controls and gain unauthorized administrative capabilities. This missing authorization vulnerability (CWE-862) affects users who have any valid account credentials on affected systems. No patch is currently available, making this a critical risk for organizations operating vulnerable PowerMax installations. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-26359 | Dell Unisphere for PowerMax 10.2 contains a path traversal vulnerability that allows authenticated remote attackers to overwrite arbitrary files on the system. This HIGH severity flaw (CVSS 8.8) requires only low privileges and network access to exploit, potentially enabling complete system compromise. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-22765 | Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote attackers to escalate their privileges. An attacker with low-level credentials can bypass authorization checks to gain high-privilege access to the system, potentially compromising confidentiality, integrity, and availability. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-25215 | A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation. | HIGH | 8.8 | 0.0% | 44 |
|