VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

EUVD-2022-28065

Malicious code in bioql PyPI...

EUVD-2025-15838

Malicious code in bioql PyPI...

EUVD-2022-53105

Malicious code in bioql PyPI...

EUVD-2025-31599

Malicious code in bioql PyPI...

VMware NSX Weak Password Recovery Mechanism Vulnerability

VMware NSX is a network virtualization solution within VMware Cloud Foundation that enables administrators to deploy legacy and modern applications in a private/hybrid cloud.VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware, Inc. The platform includes features such as...

VMware Cloud Foundation and VMware NSX Username Enumeration Vulnerability

VMware Cloud Foundation and VMware NSX are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes capabilities for operations automation and infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation is an...

Support for AWS Elastic VMware Service (EVS) with Veeam Backup & Replication

Support Statement Veeam Backup & Replication fully supports AWS Elastic VMware Service EVS, treating it as a standard vSphere environment. Built on VMware Cloud Foundation VCF 5.2.x, EVS provides customers with comprehensive administrative access to vCenter, NSX, and other essential VMware...

VMware Cloud Foundation License Issue Vulnerability

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation suffers from an authorization issue vulnerability that stems fro...

VMware Cloud Foundation Directory Traversal Vulnerability

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. A directory traversal vulnerability exists in VMware Cloud Foundation, which stems from ...

VMware Cloud Foundation Information Disclosure Vulnerability

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. An information disclosure vulnerability exists in VMware Cloud Foundation, which can be...

CVE-2022-31678

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure...

CVE-2022-22939

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or...

CVE-2021-21972

The vSphere Client HTML5 contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects...

CVE-2021-21973

The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...

CVE-2020-3999

VMware ESXi 7.0 prior to ESXi70U1c-17325551, VMware Workstation 16.x prior to 16.0 and 15.x prior to 15.5.7, VMware Fusion 12.x prior to 12.0 and 11.x prior to 11.5.7 and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious...

Vulnerabilities fixed in VMware Cloud Foundation

Broadcom has fixed vulnerabilities in VMware Cloud Foundation. The vulnerabilities include a directory traversal vulnerability that allows unauthorized access to internal services by attackers with network access to port 443. In addition, a vulnerability that could expose sensitive information to...

CVE-2025-41231

VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information...

CVE-2025-41230

VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information...

CVE-2025-41229

VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services...