Lucene search
K

13053 matches found

Nuclei
Nuclei
added 13 hours ago46 views

VMware Aria Operations for Networks - Remote Code Execution

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. id:...

8.8CVSS7.8AI score0.82282EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago30 views

VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability

Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. id: CVE-2023-20889 info: name: VMware Aria Operations...

7.5CVSS7.2AI score0.79117EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago38 views

Spring Cloud Netflix - Server-Side Request Forgery

Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacke...

6.5CVSS6.8AI score0.10214EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago28 views

Spring Cloud Config - Local File Inclusion

Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. id: CVE-2020-5405 info: name: Spring...

6.5CVSS7AI score0.6876EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago30 views

VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. id: CVE-2022-22972 info:...

9.8CVSS7.5AI score0.52813EPSS
Exploits3References5
Nuclei
Nuclei
added 13 hours ago11 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS7.2AI score0.08085EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago14 views

VMware vRealize Log Insight < v8.10.2 - Information Disclosure

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication. id: CVE-2022-31711 info: name: VMware vRealize Log Insight v8.10.2 - Information Disclosure author: DhiyaneshD...

5.3CVSS7.1AI score0.21657EPSS
Exploits3References2
Nuclei
Nuclei
added 13 hours ago10 views

VMware NSX SD-WAN Edge - Command Injection

VMware NSX SD-WAN Edge formerly VeloCloud Edge before 3.1.2 contains an unauthenticated command injection in the local web UI diagnostic tools Ping/Traceroute. This template detects it reliably by injecting 'id', 'whoami', and a random marker. id: CVE-2018-6961 info: name: VMware NSX SD-WAN Edge ...

8.1CVSS7.2AI score0.86431EPSS
Exploits6References3
Nuclei
Nuclei
added 13 hours ago47 views

VMware - Local File Inclusion

VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access withou...

9.8CVSS7.5AI score0.18428EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago101 views

VMware vSphere - Server-Side Request Forgery

VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...

5.3CVSS7.2AI score0.88012EPSS
Exploits8References5
Nuclei
Nuclei
added 13 hours ago91 views

VMWare Workspace ONE UEM - Server-Side Request Forgery

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without...

7.5CVSS7.5AI score0.97713EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago83 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS7.1AI score0.35681EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago22 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.6AI score0.50694EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday33 views

vRealize Operations Manager API - Server-Side Request Forgery

vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. id: CVE-2021-21975 info: name: vRealize Operation...

8.5CVSS7.7AI score0.78435EPSS
Exploits12References3
Nuclei
Nuclei
added yesterday31 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2 days ago3 views

kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path

A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access vmwpvrdma module. This vulnerability is a double free, which means the system attempts to release the same memory resource twice. This can occur in an error handling path within the pvrdmaallocucontext...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago89 views

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS8.3AI score0.98243EPSS
Exploits7References5
Nuclei
Nuclei
added 6 days ago55 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.9AI score0.7165EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.17 views

VMware vCenter Server - Out-of-Bounds Write

vCenter Server contains an out-of-bounds write caused by a vulnerability in the DCERPC protocol implementation. A malicious actor with network access can trigger remote code execution on vCenter Server. id: CVE-2023-34048 info: name: VMware vCenter Server - Out-of-Bounds Write author: ritikchaddh...

9.8CVSS8.1AI score0.99428EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: x86/vmware: Fixed hypercall clobbering issues Fedora QA reported the following panic: BUG: Unable to handle a page fault for address: 0000000040003e54 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-presen...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
Rows per page
Query Builder