cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-22395,https://securityvulnerability.io/vulnerability/CVE-2025-22395,Local Privilege Escalation in Dell Update Package Framework,"The Dell Update Package Framework, prior to version 22.01.02, contains a vulnerability that allows low-privileged local attackers to exploit the system. This exploitation could lead to the execution of arbitrary remote scripts, potentially resulting in service disruptions. It highlights the importance of keeping software updated to prevent unauthorized access and mitigate the risk of attack.",Dell,Dell Update Package (dup) Framework,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T02:52:54.624Z,0
CVE-2023-39254,https://securityvulnerability.io/vulnerability/CVE-2023-39254,Dell Update Package (DUP) Uncontrolled Search Path Vulnerability,"The vulnerability present in Dell Update Package (DUP) prior to version 4.9.10 stems from an Uncontrolled Search Path issue. This flaw could enable a malicious user, with local access to the affected system, to potentially exploit the vulnerability and execute arbitrary code with administrative privileges. This poses a significant security risk for users and organizations relying on affected versions of the software. Users are recommended to upgrade to the latest version to mitigate any risks associated with this vulnerability.",Dell,Dup Framework,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-01T12:43:30.966Z,0
CVE-2023-32454,https://securityvulnerability.io/vulnerability/CVE-2023-32454,Insecure Operation on Windows Junction/Mount Point Vulnerability,"The DUP framework versions up to and including 4.9.4.36 contain a vulnerability that allows local malicious users to exploit the system through insecure operations on Windows junctions and mount points. By manipulating these operations, an attacker can create arbitrary files, which may lead to service disruptions. This vulnerability highlights critical considerations for securing software environments and mitigating risks associated with local user permissions.",Dell,Dup Framework,6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-06T08:00:46.285Z,0
CVE-2019-3726,https://securityvulnerability.io/vulnerability/CVE-2019-3726,,"An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package (DUP) Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package (DUP) Framework file versions prior to 3.8.3.67 used in Dell Client Platforms. The vulnerability is limited to the DUP framework during the time window when a DUP is being executed by an administrator. During this time window, a locally authenticated low privilege malicious user potentially could exploit this vulnerability by tricking an administrator into running a trusted binary, causing it to load a malicious DLL and allowing the attacker to execute arbitrary code on the victim system. The vulnerability does not affect the actual binary payload that the DUP delivers.",Dell,"Dell Emc Servers: Networking And Fibre Channel Drivers: Dell Update Package (dup) Framework File,Dell Emc Servers: All Other Drivers, BiOS And Firmware: Dell Update Package (dup) Framework File,Dell Client Platforms: Dell Update Packages (dup) Framework File",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-09-24T16:15:00.000Z,0