749 matches found
VMware vSphere - Server-Side Request Forgery
VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: trivy-operator, logstash-exporter, eksctl, kuberlr, opensearch-k8s-operator, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, nri-postgresql, docker-cli, grafana-rollout-operator, chart-testing, cert-manager-cmctl, s5cmd, gatekeeper,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, trivy-operator, istio, terraform, mc, grafana-agent-operator, dataplaneapi, docker-machine-driver-harvester, kubernetes-csi-external-resizer, eksctl, trillian, tailscale, apko, prometheus-adapter, tofu-controller, step,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: flux-operator-fips, kube-conformance, chartmuseum, consul-fips, dive, spire-server, nats-fips, apko, act, bom, omni-fips, knative-operator-fips, tkn-fips, gitlab-rails-ce-fips, argo-workflows, harbor, policy-controller, pulumi, k8ssandra-client-fips, gitlab-kas-fips,...
PT-2026-28315
Name of the Vulnerable Software and Affected Versions Foreman versions prior to 3.16.3 Foreman versions prior to 3.17.2 Foreman versions prior to 3.18.1 Description A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, kubernetes-csi-livenessprobe, spark-operator, kube-conformance, chartmuseum, kiali, kyverno-policy-reporter-fips, mcp-grafan...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...
CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2021-22049
The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files...
CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting XSS attack...
CVE-2023-43029
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...
Exploit for CVE-2021-21980
CVE-2021-21980 Vulnerable Test Environment Overview Realis...
Exploit for CVE-2021-21980
Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...