
1551 matches found

Nuclei
added 18 hours ago, 9 views

vCenter Server - Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...

CVSS 5.3, AI score 7.2, EPSS 0.74835
Exploits: 0, References: 3
Nuclei
added yesterday, 21 views

VMware vCenter Server LDAP Broken Access Control

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller PSC, does not correctly implement access controls. id: CVE-2020-3952 info: name: VMware vCenter Server LDAP Broken Access Control author: 0xAkoko severity: critic...

CVSS 9.8, AI score 7.3, EPSS 0.94372
Exploits: 20, References: 3
Nuclei
added yesterday, 96 views

VMware vSphere - Server-Side Request Forgery

VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...

CVSS 5.3, AI score 7.1, EPSS 0.90385
Exploits: 8, References: 5
Nuclei
added 4 days ago, 41 views

VMware vSphere Client (HTML5) - Remote Code Execution

VMware vCenter vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. Th...

CVSS 10, AI score 8.1, EPSS 0.93821
Exploits: 47, References: 5
Snyk
added 5 days ago, 4 views

Malicious Package

Overview @cloudplatform-single-spa/vcenter-virtual-machines is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 2
Nuclei
added 2026/05/29 3:59 a.m., 49 views

VMware vCenter Server - Arbitrary File Upload

VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. id: CVE-2021-22005 info: name: VMware...

CVSS 9.8, AI score 7.7, EPSS 0.94457
Exploits: 11, References: 5
Nuclei
added 2026/05/27 3:54 a.m., 14 views

VMware vCenter Server - Out-of-Bounds Write

vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server. id: CVE-2023-34048 info: name: VMware vCenter Server - Out-of-Bounds Write author: ritikchaddh...

CVSS 9.8, AI score 8, EPSS 0.93213
Exploits: 1, References: 3
Positive Technologies
added 2026/03/18 12:0 a.m., 3 views

PT-2026-26150

🚨 FRESH TOP THREAT ALERT 🚨 March 18, 2026: VMware vCenter Server CVSS 9.8! CVE-2026-54321 – Critical Unauthenticated Remote Code Execution in Flaw in the SOAP API lets attackers send one crafted packet to trigger arbitrary code execution and take over the entire virtualization management server —...

AI score 6.5
Exploits: 0, References: 1
GithubExploit
added 2026/03/09 12:4 p.m., 100 views

poc_automatisation_wallix

Automatisation WALLIX Bastion PoC d'automatisation pour deplo...

AI score 5.8
Exploits: 0
Tenable Nessus
added 2026/03/02 12:0 a.m., 0 views

VMWare Aria Operations 8.x < 8.18.6 Multiple Vulnerabilities (VMSA-2026-0001)

According to its self-reported version, the instance of VMWare Aria Operations formerly vRealize Operations running on the remote web server is 8.x 8.18.6. It is, therefore, affected by the following: - VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated...

CVSS 9, AI score 8.3, EPSS 0.01904
Exploits: 0, References: 4
RedhatCVE
added 2026/02/26 10:35 p.m., 3 views

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 7.2, AI score 5.4, EPSS 0.00031
Exploits: 0, References: 1
EUVD
added 2026/02/25 9:31 p.m., 2 views

EUVD-2026-8725

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 6.2, AI score 5.4, EPSS 0.00031
Exploits: 0, References: 3
NVD
added 2026/02/25 9:16 p.m., 3 views

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 7.2, EPSS 0.00031
Exploits: 0, References: 2
Cvelist
added 2026/02/25 8:0 p.m., 16 views

CVE-2026-22721 VMware Aria Operations privilege escalation vulnerability

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 6.2, EPSS 0.00031
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/25 8:0 p.m., 3 views

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 7.2, AI score 5.4, EPSS 0.00031
Exploits: 0, References: 3, Affected Software: 4
Vulnrichment
added 2026/02/25 8:0 p.m., 2 views

CVE-2026-22721 VMware Aria Operations privilege escalation vulnerability

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVSS 6.2, AI score 5.4, EPSS 0.00031
Exploits: 0, References: 2
CVE
added 2026/02/25 8:0 p.m., 32 views

CVE-2026-22721

CVE-2026-22721 affects VMware Aria Operations (8.x) prior to 8.18.6. A privileged actor in vCenter who can access Aria Operations can escalate to administrative rights. Remediation is via patches listed in the Fixed Version column of the VMSA-2026-0001 response matrix (Broadcom VMware security ad...

CVSS 7.2, AI score 5.3, EPSS 0.00031
Exploits: 0, References: 2, Affected Software: 4
IBM Security Bulletins
added 2026/01/30 4:54 p.m., 6 views

Security Bulletin: Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities [CVE-2025-41250,CVE-2025-41241]

Summary Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities CVE-2025-41250,CVE-2025-41241. IBM Cloud Pak System has addressed these vulnerabilities. IBM Cloud Pak System includes the patched vCenter Server 8.0 U3g release as par...

CVSS 8.5, AI score 5.9, EPSS 0.00368
Exploits: 0, Affected Software: 3
GithubExploit
added 2026/01/27 12:0 p.m., 173 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CTT-enhanced-VMware-vCenter Looking at current high-impact vul...

CVSS 10, AI score 6, EPSS 0.94473
Exploits: 516
The Hacker News
added 2026/01/24 8:9 a.m., 10 views

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability ...

CVSS 9.8, AI score 7, EPSS 0.82279
Exploits: 0