749 matches found
VMware vSphere - Server-Side Request Forgery
VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: flux, kubernetes-csi-driver-hostpath, yunikorn-k8shim, mcp-grafana, terraform-provider-sendgrid, cloud-provider-azure, gatekeeper, kubescape, modelmesh-runtime-adapter, helm, argocd-image-updater, contour, redka, sftpgo-plugin-auth, syft, terraform-provider-time, zot...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: victoriametrics, pgpool2exporter, mountpoint-s3-csi-driver, zot, contour, nri-couchbase, kubernetes-dashboard-auth, local-static-provisioner, q, cert-manager, dive, flux-source-controller, cloudnative-pg, infinispan-operator, prometheus-operator, amass, kube-vip,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kube-mgmt-fips, gh, falcoctl, ko-fips, flux-source-controller-fips, spire-server, gitlab-workhorse-ce, opentofu, zitadel, commercial-grafana, prometheus, flux-operator, net-kourier-fips, libnvidia-container, prometheus-podman-exporter,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kube-mgmt-fips, gh, falcoctl, ko-fips, flux-source-controller-fips, spire-server, gitlab-workhorse-ce, opentofu, zitadel, commercial-grafana, prometheus, flux-operator, net-kourier-fips, libnvidia-container, prometheus-podman-exporter,...
PT-2026-28315
Name of the Vulnerable Software and Affected Versions Foreman versions prior to 3.16.3 Foreman versions prior to 3.17.2 Foreman versions prior to 3.18.1 Description A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kyverno-policy-reporter-ui-fips, harbor-scanner-trivy, actions-runner-controller-fips, gh, cluster-proportional-autoscaler, helm-operator-fips, ko-fips, prometheus-statsd-exporter-fips, gofumpt, mongodb-kubernetes-operator,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kyverno-policy-reporter-ui-fips, harbor-scanner-trivy, actions-runner-controller-fips, gh, cluster-proportional-autoscaler, helm-operator-fips, ko-fips, prometheus-statsd-exporter-fips, gofumpt, mongodb-kubernetes-operator,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kyverno-policy-reporter-ui-fips, harbor-scanner-trivy, actions-runner-controller-fips, gh, cluster-proportional-autoscaler, helm-operator-fips, ko-fips, prometheus-statsd-exporter-fips, mongodb-kubernetes-operator,...
CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2021-22049
The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files...
CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting XSS attack...
CVE-2023-43029
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...
Exploit for CVE-2021-21980
CVE-2021-21980 Vulnerable Test Environment Overview Realis...
Exploit for CVE-2021-21980
Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...