Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: vmware Clear
ID Title
CVE-2026-40982 Path Traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982)
path traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-41002 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002). Confidential information can be exposed externally. Exploitable via ``spring.cloud.config.server.git.basedir``.
CVE-2026-41004 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004). Confidential information can be exposed externally.
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-40976 Vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976)
vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.6` or later.
CVE-2026-40974 Vulnerability in spring (CVE-2026-40974)
vulnerability in spring (CVE-2026-40974). Risk of unauthorized operations or information disclosure.
CVE-2026-40975 Vulnerability in spring (CVE-2026-40975)
vulnerability in spring (CVE-2026-40975). Risk of unauthorized operations or information disclosure.
CVE-2026-40971 Vulnerability in spring (CVE-2026-40971)
vulnerability in spring (CVE-2026-40971). Risk of unauthorized operations or information disclosure.
CVE-2026-40970 Vulnerability in spring (CVE-2026-40970)
vulnerability in spring (CVE-2026-40970). Risk of unauthorized operations or information disclosure.
CVE-2026-22754 Vulnerability in vmware (CVE-2026-22754)
vulnerability in vmware (CVE-2026-22754). Data can be tampered with by attackers.
CVE-2026-22747 Vulnerability in vmware (CVE-2026-22747)
vulnerability in vmware (CVE-2026-22747). Confidential information can be exposed externally.
CVE-2026-22750 Vulnerability in vmware (CVE-2026-22750)
vulnerability in vmware (CVE-2026-22750). Data can be tampered with by attackers.
CVE-2026-22744 Vulnerability in vmware (CVE-2026-22744)
vulnerability in vmware (CVE-2026-22744). Confidential information can be exposed externally.
CVE-2026-22738 Vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738)
vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.1.4` or later.
CVE-2026-22742 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
SSRF in ssrf (CVE-2026-22742). Confidential information can be exposed externally.
CVE-2025-22226 KEV [KEV] Out-of-Bounds Read in Vmware esxi (CVE-2025-22226)
vulnerability in Vmware esxi (CVE-2025-22226). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-22225 KEV [KEV] Vulnerability in Vmware esxi (CVE-2025-22225)
vulnerability in Vmware esxi (CVE-2025-22225). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-22224 KEV [KEV] Vulnerability in Vmware esxi-and-workstation (CVE-2025-22224)
vulnerability in Vmware esxi-and-workstation (CVE-2025-22224). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-38813 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2024-38813)
vulnerability in Vmware vcenter-server (CVE-2024-38813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-38812 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2024-38812)
vulnerability in Vmware vcenter-server (CVE-2024-38812). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-37085 KEV [KEV] Vulnerability in Vmware esxi (CVE-2024-37085)
vulnerability in Vmware esxi (CVE-2024-37085). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22948 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2022-22948)
vulnerability in Vmware vcenter-server (CVE-2022-22948). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-34048 KEV [KEV] Out-of-Bounds Write in Vmware vcenter-server (CVE-2023-34048)
out-of-bounds write in Vmware vcenter-server (CVE-2023-34048). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-20867 KEV [KEV] Authentication Bypass in Vmware tools (CVE-2023-20867)
authentication bypass in Vmware tools (CVE-2023-20867). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-20887 KEV [KEV] Command Injection in Vmware aria-operations-for-networks (CVE-2023-20887)
command injection in Vmware aria-operations-for-networks (CVE-2023-20887). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22977 XXE (XML External Entity) in vmware (CVE-2022-22977)
vulnerability in vmware (CVE-2022-22977). Confidential information can be exposed externally.
CVE-2021-21974 Out-of-Bounds Write in vmware (CVE-2021-21974)
out-of-bounds write in vmware (CVE-2021-21974). Successful exploitation can lead to full system takeover.
CVE-2022-22947 KEV [KEV] Code Injection in Vmware spring-cloud-gateway (CVE-2022-22947)
code injection in Vmware spring-cloud-gateway (CVE-2022-22947). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22960 KEV [KEV] Vulnerability in Vmware multiple-products (CVE-2022-22960)
vulnerability in Vmware multiple-products (CVE-2022-22960). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22954 KEV [KEV] Code Injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954)
code injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-22965 KEV [KEV] Code Injection in Vmware spring-framework (CVE-2022-22965)
code injection in Vmware spring-framework (CVE-2022-22965). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-6961 KEV [KEV] OS Command Injection in Vmware sd-wan-edge (CVE-2018-6961)
OS command injection in Vmware sd-wan-edge (CVE-2018-6961). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1273 KEV [KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2021-21973 KEV [KEV] Vulnerability in Vmware vcenter-server-and-cloud-foundation (CVE-2021-21973)
vulnerability in Vmware vcenter-server-and-cloud-foundation (CVE-2021-21973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-21975 KEV [KEV] SSRF (Server-Side Request Forgery) in Vmware vrealize-operations-manager-api (CVE-2021-21975)
SSRF in Vmware vrealize-operations-manager-api (CVE-2021-21975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22017 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2021-22017)
vulnerability in Vmware vcenter-server (CVE-2021-22017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-5544 KEV [KEV] Out-of-Bounds Write in vmware (CVE-2019-5544)
out-of-bounds write in vmware (CVE-2019-5544). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-3992 KEV [KEV] Use-After-Free in Vmware esxi (CVE-2020-3992)
vulnerability in Vmware esxi (CVE-2020-3992). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-3950 KEV [KEV] Privilege Escalation in Vmware multiple-products (CVE-2020-3950)
vulnerability in Vmware multiple-products (CVE-2020-3950). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22005 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2021-22005)
vulnerability in Vmware vcenter-server (CVE-2021-22005). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-3952 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2020-3952)
vulnerability in Vmware vcenter-server (CVE-2020-3952). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-21972 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2021-21972)
vulnerability in Vmware vcenter-server (CVE-2021-21972). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-21985 KEV [KEV] Vulnerability in Vmware vcenter-server (CVE-2021-21985)
vulnerability in Vmware vcenter-server (CVE-2021-21985). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-4006 KEV [KEV] OS Command Injection in Vmware multiple-products (CVE-2020-4006)
OS command injection in Vmware multiple-products (CVE-2020-4006). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-1259 XXE (XML External Entity) in broadcom (CVE-2018-1259)
vulnerability in broadcom (CVE-2018-1259). Confidential information can be exposed externally.
CVE-2018-1274 Vulnerability in dos (CVE-2018-1274)
vulnerability in dos (CVE-2018-1274). Risk of unauthorized operations or information disclosure.
CVE-2017-5753 Vulnerability in intel (CVE-2017-5753)
vulnerability in intel (CVE-2017-5753). Confidential information can be exposed externally.
CVE-2017-8046 Vulnerability in spring (CVE-2017-8046)
vulnerability in spring (CVE-2017-8046). Successful exploitation can lead to full system takeover.
CVE-2017-4933 Out-of-Bounds Write in vmware (CVE-2017-4933)
out-of-bounds write in vmware (CVE-2017-4933). Successful exploitation can lead to full system takeover.
CVE-2017-4940 Cross-Site Scripting (XSS) in vmware (CVE-2017-4940)
cross-site scripting in vmware (CVE-2017-4940). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →