Lucene search
K
VmwareTelco Cloud Platform

14 matches found

CVE
CVE
added 2025/03/04 11:56 a.m.796 views

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

7.1CVSS7.7AI score0.01676EPSS
In wild
CVE
CVE
added 2025/03/04 11:56 a.m.572 views

CVE-2025-22224

CVE-2025-22224 refers to a TOCTOU race condition in VMware ESXi/Workstation that can cause an out-of-bounds write. IBM’s security bulletin ties this to Broadcom VMware ESXi vulnerabilities and details that a local admin within a VM can exploit the vulnerability to run code in the host’s VMX proce...

9.3CVSS9.3AI score0.01524EPSS
In wild
CVE
CVE
added 2026/06/08 7:5 a.m.440 views

CVE-2026-41722

CVE-2026-41722 is a stored cross-site scripting vulnerability affecting VMware Cloud Foundation Operations and related products. The NVD/Broadcom advisory describes that a malicious actor with privileges to create policies, views, or text-widgets can inject scripts to perform administrative actio...

8CVSS5.2AI score0.00399EPSS
CVE
CVE
added 2025/03/04 11:56 a.m.389 views

CVE-2025-22225

CVE-2025-22225 applies to VMware ESXi and involves an arbitrary write vulnerability where a malicious actor with privileges within the VMX process can trigger an arbitrary kernel write, leading to a sandbox escape. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector and HIGH impact on confide...

8.2CVSS8.8AI score0.00963EPSS
In wild
CVE
CVE
added 2025/09/29 4:9 p.m.151 views

CVE-2025-41244

CVE-2025-41244 covers a local privilege-escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...

7.8CVSS6.8AI score0.0788EPSS
In wild
CVE
CVE
added 2025/05/13 5:8 a.m.131 views

CVE-2025-22249

CVE-2025-22249 is a DOM-based Cross‑Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...

8.2CVSS7.4AI score0.00317EPSS
CVE
CVE
added 2026/06/08 7:7 a.m.126 views

CVE-2026-41724

CVE-2026-41724 affects VMware Cloud Foundation Operations and is a stored cross-site scripting vulnerability. The NVD/NVD-derived data shows CVSSv3.1 base score 8.0 (Network, High impact on confidentiality, integrity, availability; Privileges Required: Low; User Interaction: Required). Exploitati...

8CVSS5.2AI score0.00313EPSS
CVE
CVE
added 2026/02/25 7:18 p.m.101 views

CVE-2026-22719

CVE-2026-22719 describes a command injection vulnerability in VMware Aria Operations that could allow an unauthenticated attacker to execute arbitrary commands and potentially achieve remote code execution during support‑assisted product migration. Affected product is VMware Aria Operations (8.x ...

8.1CVSS6.7AI score0.17424EPSS
In wild
CVE
CVE
added 2025/06/04 7:31 p.m.87 views

CVE-2025-22243

CVE-2025-22243 is a stored XSS vulnerability in VMware NSX Manager UI caused by improper input validation. The issue affects the NSX Manager UI component where an attacker with privileges to create or modify network settings could inject script that executes when a user views the affected page. T...

7.5CVSS5.7AI score0.00309EPSS
CVE
CVE
added 2026/06/08 7:6 a.m.76 views

CVE-2026-41723

VMware Cloud Foundation Operations is affected by CVE-2026-41723 (and related CVEs) with multiple stored cross-site scripting vulnerabilities. The NVD/NVD-derived details indicate an issue in VMware Cloud Foundation Operations where a malicious actor with privileges to create policies, views, or ...

8CVSS5.2AI score0.00399EPSS
CVE
CVE
added 2025/06/04 7:32 p.m.74 views

CVE-2025-22244

CVE-2025-22244 is a stored XSS in VMware NSX gateway firewall caused by improper input validation. Connected advisories confirm multiple NSX components are affected (gateway firewall among others) and provide fixed versions: NSX 4.2.2.1, NSX 4.2.1.4, and NSX 4.1.2.6 (and related NSX-T/Cloud Found...

6.9CVSS5.6AI score0.00263EPSS
CVE
CVE
added 2025/06/04 7:32 p.m.67 views

CVE-2025-22245

VMware NSX contains a stored XSS vulnerability in the router port due to improper input validation (CVE-2025-22245). The issue is addressed by VMware Broadcom VMSA-2025-0012/0012.1, with fixed versions listed for various NSX releases: NSX 4.2.2.1, 4.2.1.4, 4.1.2.6 (and NSX-T 3.2.4.2; higher-level...

5.9CVSS5.4AI score0.0022EPSS
CVE
CVE
added 2026/02/25 8:0 p.m.52 views

CVE-2026-22721

CVE-2026-22721 affects VMware Aria Operations (8.x) prior to 8.18.6. A privileged actor in vCenter who can access Aria Operations can escalate to administrative rights. Remediation is via patches listed in the Fixed Version column of the VMSA-2026-0001 response matrix (Broadcom VMware security ad...

7.2CVSS5.3AI score0.00686EPSS
CVE
CVE
added 2026/02/25 7:33 p.m.25 views

CVE-2026-22720

CVE-2026-22720 affects VMware Aria Operations 8.x prior to 8.18.6, with a stored XSS in custom benchmarks. Remediation is to apply the fixes listed in VMSA-2026-0001 (Aria Operations 8.18.6). Connected sources also note CVE-2026-22719 (command injection) and CVE-2026-22721 (privilege escalation) ...

9CVSS4.9AI score0.00411EPSS