Lucene search
K

13219 matches found

Nuclei
Nuclei
added 5 hours ago102 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.4AI score0.70423EPSS
Exploits0References3
Nuclei
Nuclei
added 5 hours ago104 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS6.8AI score0.35681EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago14 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS6.9AI score0.08085EPSS
Exploits1References3
Nuclei
Nuclei
added 5 hours ago17 views

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...

5.3CVSS6.8AI score0.21657EPSS
Exploits3References2
Nuclei
Nuclei
added 5 hours ago74 views

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...

9.8CVSS7.1AI score0.18994EPSS
Exploits1References5
Nuclei
Nuclei
added 5 hours ago144 views

VMware vSphere - Server-Side Request Forgery

VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...

5.3CVSS6.8AI score0.88012EPSS
Exploits8References5
Nuclei
Nuclei
added 5 hours ago91 views

Spring Cloud Config - Local File Inclusion

Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. id: CVE-2020-5405 info: name: Spring...

6.5CVSS6.9AI score0.6876EPSS
Exploits0References5
Nuclei
Nuclei
added 5 hours ago80 views

Spring Cloud Netflix - Server-Side Request Forgery

Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacke...

6.5CVSS6.8AI score0.10214EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday93 views

VMWare Workspace ONE UEM - Server-Side Request Forgery

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without...

7.5CVSS7.1AI score0.97713EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday74 views

VMware View Planner <4.6 SP1- Remote Code Execution

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...

9.8CVSS7.5AI score0.99005EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday11 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7AI score0.86431EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday55 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday23 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.2AI score0.50694EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday63 views

VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. id: CVE-2023-20889 info: name: VMware Aria Operations...

7.5CVSS6.9AI score0.79258EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday42 views

VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. id: CVE-2022-22972 info:...

9.8CVSS7.1AI score0.52813EPSS
Exploits3References5
Nuclei
Nuclei
added 3 days ago70 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.2AI score0.7829EPSS
Exploits12References3
Nuclei
Nuclei
added 3 days ago95 views

VMware Aria Operations for Networks - Remote Code Execution

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. id:...

8.8CVSS7.3AI score0.82282EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago103 views

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

10CVSS7.1AI score0.98253EPSS
Exploits54References5
Chainguard
Chainguard
added 5 days ago10 views

GHSA-5WP9-X843-XMXF vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-qemu, linux-gcp, linux-azure, linux-vmware...

6.1AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

CVE-2026-53233 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-qemu, linux-gcp, linux-azure, linux-vmware...

7.8CVSS6.1AI score0.00138EPSS
Exploits0
Rows per page
Query Builder