1272
CVEs
95
Critical
541
High
2
KEV
49
PoC
462
Unpatched C/H
29.1%
Patch Rate
1.4%
Avg EPSS
Severity Breakdown
CRITICAL
95
HIGH
541
MEDIUM
578
LOW
55
Monthly CVE Trend
Affected Products (30)
Powerscale Onefs
78
Emc Powerscale Onefs
60
Latitude 9410 Firmware
57
Latitude 5511 Firmware
56
Latitude 5411 Firmware
56
Latitude 7310 Firmware
55
Embedded Box Pc 5000 Firmware
55
Latitude 7410 Firmware
55
Latitude 7480 Firmware
54
Latitude 5400 Firmware
54
Latitude 5310 Firmware
54
Vostro 3681 Firmware
53
Latitude 7290 Firmware
53
Chengming 3991 Firmware
53
Latitude 5310 2 In 1 Firmware
53
Latitude 9510 Firmware
53
Inspiron 3881 Firmware
53
Chengming 3990 Firmware
53
Precision 3550 Firmware
53
Vostro 3888 Firmware
53
Inspiron 3880 Firmware
53
Optiplex 3080 Firmware
53
Latitude 7390 Firmware
53
Vostro 3881 Firmware
53
Latitude 5410 Firmware
53
Latitude 7490 Firmware
53
Optiplex 7080 Firmware
53
Latitude 5500 Firmware
52
Precision 3440 Firmware
52
Latitude 5510 Firmware
52
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2012-2962 | SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.3%. | MEDIUM | 6.5 | 90.3% | 158 |
PoC
No patch
|
| CVE-2014-8420 | The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%. | CRITICAL | 9.0 | 73.8% | 154 |
PoC
No patch
|
| CVE-2012-3951 | The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.5%. | HIGH | 7.5 | 79.5% | 152 |
PoC
No patch
|
| CVE-2014-4977 | Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%. | MEDIUM | 6.5 | 84.5% | 152 |
PoC
No patch
|
| CVE-2026-22769 | Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data. | CRITICAL | 10.0 | 34.2% | 134 |
KEV
|
| CVE-2014-125113 | An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%. | CRITICAL | 9.3 | 52.4% | 134 |
PoC
No patch
|
| CVE-2012-2626 | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.0%. | MEDIUM | 5.0 | 76.0% | 121 |
PoC
No patch
|
| CVE-2014-8272 | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 59.6%. | MEDIUM | 5.0 | 59.6% | 105 |
PoC
No patch
|
| CVE-2017-10955 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.5% and no vendor patch available. | HIGH | 8.8 | 33.5% | 77 |
No patch
|
| CVE-2012-2627 | d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.4 | 8.5% | 75 |
PoC
No patch
|
| CVE-2021-21551 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 58.1% | 74 |
KEV
PoC
No patch
|
| CVE-2025-36604 | Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.3% and no vendor patch available. | HIGH | 7.3 | 14.3% | 71 |
PoC
No patch
|
| CVE-2018-1207 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 90.8% | 69 |
PoC
No patch
|
| CVE-2018-1217 | Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 46.6% | 69 |
PoC
No patch
|
| CVE-2018-1235 | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 43.3% | 69 |
PoC
No patch
|