1050 matches found

BDU FSTEC
added 2025/05/21 12:00 a.m., 7 views

The vulnerability of the software for managing VMware vCenter Server’s virtual infrastructure lies in the lack of measures taken to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.

The vulnerability of the software for managing VMware vCenter Server lies in the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...

CVSS 8.8, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 4

NVD
added 2025/05/20 3:16 p.m., 9 views

CVE-2025-41225

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...

CVSS 8.8, EPSS 0.00227
Exploits: 0, References: 1

NVD
added 2025/05/20 3:16 p.m., 19 views

CVE-2025-41228

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...

CVSS 4.3, EPSS 0.00785
Exploits: 2, References: 1

Cvelist
added 2025/05/20 2:24 p.m., 44 views

CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...

CVSS 4.3, EPSS 0.00785
Exploits: 2, References: 1

CVE
added 2025/05/20 2:24 p.m., 101 views

CVE-2025-41228

CVE-2025-41228 affects VMware ESXi and vCenter Server with a reflected XSS caused by improper input validation on login URL paths. A remote attacker can exploit this by accessing the login page to steal cookies or redirect users. Connected documents confirm the issue and provide remediation conte...

CVSS 4.3, AI score 4.6, EPSS 0.00785
Exploits: 2, References: 1

Vulnrichment
added 2025/05/20 2:24 p.m., 22 views

CVE-2025-41228 VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious website...

CVSS 4.3, AI score 4.6, EPSS 0.00785
Exploits: 2, References: 1

Vulnrichment
added 2025/05/20 2:24 p.m., 14 views

CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...

CVSS 8.8, AI score 8.9, EPSS 0.00227
Exploits: 0, References: 1

Cvelist
added 2025/05/20 2:24 p.m., 41 views

CVE-2025-41225 VMware vCenter Server authenticated command-execution vulnerability

The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server...

CVSS 8.8, EPSS 0.00227
Exploits: 0, References: 1

CVE
added 2025/05/20 2:24 p.m., 219 views

CVE-2025-41225

CVE-2025-41225 affects VMware vCenter Server and is an authenticated command-execution vulnerability. A user with privileges to create or modify alarms and run script actions can exploit this to execute arbitrary commands on the vCenter Server. The issue is classified with high impact (C, I, A: H...

CVSS 8.8, AI score 8.9, EPSS 0.00227
Exploits: 0, References: 1

CNNVD
added 2025/05/20 12:00 a.m., 6 views

VMware vCenter Server Security Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...

CVSS 8.8, AI score 7.1, EPSS 0.00227
Exploits: 0, References: 1

Positive Technologies
added 2025/05/20 12:00 a.m., 2 views

PT-2025-22146

Name of the Vulnerable Software and Affected Versions: vCenter Server (affected versions not specified). Description: The issue concerns an authenticated command-execution problem. A malicious actor with privileges to create or modify alarms and run script actions may exploit this to run arbitrary...

CVSS 8.8, AI score 5.9, EPSS 0.00227
Exploits: 0, References: 13

Positive Technologies
added 2025/05/20 12:00 a.m., 4 views

PT-2025-22149

Name of the Vulnerable Software and Affected Versions: VMware ESXi and vCenter Server (affected versions not specified). Description: The issue is related to a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of...

CVSS 5, AI score 5.6, EPSS 0.00785
Exploits: 2, References: 10

VMware
added 2025/05/20 12:00 a.m., 142 views

VMSA-2025-0010 : VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)

Advisory ID: VMSA-2025-0010. Advisory Severity: Important. CVSSv3 Range: 4.3-8.8. Synopsis: VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228. Issue date: 2025-05-20. Updated on...

CVSS 8.8, AI score 6.2, EPSS 0.00785
Exploits: 2, References: 9, Affected Software: 10

Packet Storm
added 2025/03/10 12:00 a.m., 333 views

VMware vCenter Server 8.0.2 Privilege Escalation

VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. Title: VMware vCenter Server...

CVSS 7.8, AI score 7.6, EPSS 0.04989
Exploits: 3

RedhatCVE
added 2025/02/04 11:46 p.m., 4 views

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system...

CVSS 7.2, AI score 8.3, EPSS 0.02488
Exploits: 3, References: 1

IBM Security Bulletins
added 2024/12/31 5:52 p.m., 41 views

Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]

Summary: Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-38812. DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...

CVSS 9.8, AI score 9.6, EPSS 0.54143
Exploits: 0, Affected Software: 1

Metasploit
added 2024/12/05 6:56 p.m., 538 views

vCenter Sudo Privilege Escalation

VMware vCenter Server use exploit/linux/local/vcentersudolpe msf exploitvcentersudolpe show targets ...targets... msf exploitvcentersudolpe set TARGET msf exploitvcentersudolpe show options ...show and set options... msf exploitvcentersudolpe exploit This module requires Metasploit:...

CVSS 7.8, AI score 9, EPSS 0.04989
Exploits: 3

Positive Technologies
added 2024/11/21 12:00 a.m., 6 views

PT-2024-15284

Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to the latest patch release. Description: A critical security issue in VMware vCenter Server allows attackers to execute remote code on affected systems. This flaw is being actively exploited by cybercriminal...

AI score 7.7
Exploits: 1, References: 6

CISA KEV Catalog
added 2024/11/20 12:00 a.m., 23 views

VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet...

CVSS 9.8, AI score 8.2, EPSS 0.54143
In wild, Exploits: 0

NCSC
added 2024/11/19 9:56 a.m., 7 views

Vulnerabilities fixed in VMware vCenter Server

VMware has fixed vulnerabilities in vCenter Server. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, possibly even to root and execute arbitrary code on the system. VMware reports in an update to its original security advisory that exploits have been...

CVSS 9.8, AI score 8.1, EPSS 0.54143
Exploits: 0, References: 3