44 matches found
EUVD-2024-19842
Malicious code in bioql PyPI...
EUVD-2025-2671
Malicious code in bioql PyPI...
EUVD-2023-38176
Malicious code in bioql PyPI...
EUVD-2025-14367
Malicious code in bioql PyPI...
CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows...
The vulnerability of the VMware Aria Automation (previously vRealize Automation) software, a virtualization platform from VMware Cloud Foundation, and the VMware Telco Cloud Platform, a telecommunications cloud platform, stems from the lack of security measures for the website structure. This allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the VMware Aria Automation previously vRealize Automation software, as well as the VMware Cloud Foundation virtualization platform and the VMware Telco Cloud Platform cloud communication platform, is related to the lack of security measures for the website structure. Exploiti...
VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)
The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...
CVE-2025-22249
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-22249
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-22249
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...
CVE-2025-22249
CVE-2025-22249 is a DOM-based Cross‑Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...
VMware Aria Automation security vulnerability
VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A security vulnerability exists in VMware Aria Automation that originates from DOM-type cross-site scripting and...
PT-2025-20732 · Vmware · Vmware Aria Automation
Name of the Vulnerable Software and Affected Versions: VMware Aria automation affected versions not specified Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this to steal the access token of a logged-in user by tricking them into clicki...
VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)
Advisory ID: | VMSA-2025-0008
---|---
Advisory Severity: | Important
CVSSv3 Range: | 8.2
Synopsis: | VMware Aria automation updates address a DOM based Cross-site scripting vulnerability CVE-2025-22249
Issue date: | 2025-05-12
Updated on: | 2025-05-12
CVEs | CVE-2025-22249

1. Impacted Products...
The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.
The vulnerability of the VMware Aria Automation formerly vRealize Automation and VMware Cloud Foundation virtualization platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...
VMware Aria Automation SSRF (VMSA-2025-0001)
The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0001 advisory. - VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with 'Organization Member' access to Aria Automation...
CVE-2025-22215
The CVE-2025-22215 SSRF vulnerability affects VMware Aria Automation. A malicious actor with "Organization Member" access can abuse server-side requests to enumerate internal services on the host/network. The advisory (VMSA-2025-0001) notes a CVSSv3 base score of 4.3 (Moderate) and lists fixed ve...
CVE-2025-22215 VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network...