748 matches found
VMware vSphere - Server-Side Request Forgery
VMware vSphere HTML5 is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server 7.x before 7.0 U1c, 6.7...
VMware vSphere Client (HTML5) - Remote Code Execution
The vSphere Client HTML5 contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: scorecard, modelmesh-runtime-adapter, falco-no-driver, k8sgpt-operator, rancher, kargo, secrets-store-csi-driver-provider-azure, cloud-provider-azure, flux-source-controller, falcoctl, step-issuer, gitaly, terraform-provider-time, cortex, flux-notification-controller...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: scorecard, percona-server-mongodb-operator, rancher, falcoctl, step-issuer, gitaly, cortex, nri-couchbase, cue, gatus, influx, neuvector-scanner, gostatsd, knative-eventing, prometheus, govulncheck, kyverno-policy-reporter-kyverno-plugin, pluto, aws-flb-cloudwatch,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: backup-restore-operator-fips, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, vault-fips, gitaly, jfrog-cli, gitlab-kas, localstack, ipfs-cluster, helm-fips, gitlab-rails-ce-fips, helm-exporter-fips, docker-cli-buildx, seaweedfs-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: backup-restore-operator-fips, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, vault-fips, gitaly, jfrog-cli, gitlab-kas, localstack, ipfs-cluster, helm-fips, gitlab-rails-ce-fips, helm-exporter-fips, docker-cli-buildx, seaweedfs-fips,...
PT-2026-28315
Name of the Vulnerable Software and Affected Versions Foreman versions prior to 3.16.3 Foreman versions prior to 3.17.2 Foreman versions prior to 3.18.1 Description A flaw exists in Foreman that allows a remote attacker to exploit a command injection vulnerability within the WebSocket proxy...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-aws-cloudformation-fips, swagger, rancher-telemetry, sftpgo-plugin-pubsub, backup-restore-operator-fips, src, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-aws-cloudformation-fips, swagger, rancher-telemetry, sftpgo-plugin-pubsub, backup-restore-operator-fips, src, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-aws-cloudformation-fips, swagger, rancher-telemetry, sftpgo-plugin-pubsub, backup-restore-operator-fips, src, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container,...
CVE-2018-1000153
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java,...
CVE-2021-22049
The vSphere Web Client FLEX/Flash contains an SSRF Server Side Request Forgery vulnerability in the vSAN Web Client vSAN UI plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an...
CVE-2021-22018
The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit this issue to delete non critical files...
CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...
CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting XSS attack...
CVE-2023-43029
IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...
Exploit for CVE-2021-21980
CVE-2021-21980 Vulnerable Test Environment Overview Realis...
Exploit for CVE-2021-21980
Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...