Vulnerabilities
Vulnerable Software
Security Vulnerabilities
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Information tampering.
CVSS Score
4.8
EPSS Score
0.001
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
7.1
EPSS Score
0.002
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access.
CVSS Score
5.7
EPSS Score
0.002
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Unauthorized access.
CVSS Score
8.1
EPSS Score
0.002
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Information tampering, Remote execution, Script injection, and Unauthorized access.
CVSS Score
8.8
EPSS Score
0.003
Published
2026-06-17
A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after whitespace stripping, leading to a 1-byte out-of-bounds write and subsequent out-of-bounds reads. An authenticated user with write access to the aci attribute could send a crafted ACI value to silently corrupt heap memory in the directory server process.
CVSS Score
5.4
EPSS Score
0.002
Published
2026-06-17
Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-06-17
Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.
CVSS Score
6.9
EPSS Score
0.002
Published
2026-06-17
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the AuthenticationFilter Custom Resource Definition extraAuthArgs field are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these Custom Resource Definitions may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.6
EPSS Score
0.006
Published
2026-06-17


Contact Us

Shodan ® - All rights reserved