VYPR

Vendor CVEs

VMware

All CVEs

967 total · sorted by risk
  • CVE-2026-41847MedJun 9, 2026
    risk 0.31cvss 4.8epss 0.00

    Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.

  • CVE-2026-40977MedApr 28, 2026
    risk 0.31cvss 4.7epss 0.00

    When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix…

  • CVE-2026-40975MedApr 28, 2026
    risk 0.31cvss 4.8epss 0.00

    Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6),…

  • CVE-2024-22247MedApr 2, 2024
    risk 0.31cvss 4.8epss 0.00

    VMware SD-WAN Edge contains a missing authentication and protection mechanism vulnerability. A malicious actor with physical access to the SD-WAN Edge appliance during activation can potentially exploit this vulnerability to access the BIOS configuration. In addition, the…

  • CVE-2017-4899MedJun 7, 2017
    risk 0.31cvss 4.7epss 0.00

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no…

  • CVE-2026-40989MedJun 1, 2026
    risk 0.30cvss 5.7epss 0.00

    Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to…

  • CVE-2022-22954KEVApr 11, 2022
    risk 0.29cvss epss 1.00

    VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

  • CVE-2021-22005KEVSep 23, 2021
    risk 0.29cvss epss 1.00

    The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

  • CVE-2021-21985KEVMay 26, 2021
    risk 0.29cvss epss 1.00

    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute…

  • CVE-2021-21975KEVMar 31, 2021
    risk 0.29cvss epss 0.78

    Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

  • CVE-2021-21972KEVFeb 24, 2021
    risk 0.29cvss epss 1.00

    The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter…

  • CVE-2015-3192MedJul 12, 2016
    risk 0.29cvss 5.5epss 0.03

    Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

  • CVE-2026-33371MedMar 20, 2026
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is…

  • CVE-2026-33369MedMar 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated…

  • CVE-2024-38815MedOct 9, 2024
    risk 0.28cvss 4.3epss 0.00

    VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.

  • CVE-2026-41844MedJun 9, 2026
    risk 0.27cvss 4.2epss 0.00

    A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring…

  • CVE-2026-40968MedApr 28, 2026
    risk 0.27cvss 4.2epss 0.00

    When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. …

  • CVE-2026-40970MedApr 27, 2026
    risk 0.26cvss 5.0epss 0.00

    When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

  • CVE-2020-3992KEVOct 20, 2020
    risk 0.25cvss epss 0.83

    OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to…

  • CVE-2019-5544KEVDec 6, 2019
    risk 0.25cvss epss 0.97

    OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

  • CVE-2017-4896LowMay 10, 2017
    risk 0.25cvss 3.8epss 0.00

    Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.

  • CVE-2026-41848LowJun 9, 2026
    risk 0.24cvss 3.7epss 0.00

    Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path),…

  • CVE-2026-40969LowApr 28, 2026
    risk 0.24cvss 3.7epss 0.00

    The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected…

  • CVE-2026-22746LowApr 22, 2026
    risk 0.24cvss 3.7epss 0.00

    Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users…

  • CVE-2026-22751MedApr 21, 2026
    risk 0.24cvss 4.8epss 0.00

    Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0…

  • CVE-2024-37085KEVJun 25, 2024
    risk 0.24cvss epss 0.27

    VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vs…

  • CVE-2023-20887KEVJun 7, 2023
    risk 0.23cvss epss 0.98

    Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.

  • CVE-2020-3952KEVApr 10, 2020
    risk 0.23cvss epss 0.90

    Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

  • CVE-2026-41004MedMay 7, 2026
    risk 0.22cvss 4.4epss 0.00

    When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x:…

  • CVE-2022-22960KEVApr 13, 2022
    risk 0.21cvss epss 0.37

    VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.

  • CVE-2026-22741LowApr 29, 2026
    risk 0.20cvss 3.1epss 0.00

    Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application is…

  • CVE-2021-22054KEVDec 17, 2021
    risk 0.20cvss epss 0.98

    VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without…

  • CVE-2025-22225KEVMar 4, 2025
    risk 0.19cvss epss 0.01

    VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

  • CVE-2024-37079KEVJun 18, 2024
    risk 0.19cvss epss 0.22

    vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

  • CVE-2023-34048KEVOct 25, 2023
    risk 0.19cvss epss 0.99

    vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.

  • CVE-2021-21973KEVFeb 24, 2021
    risk 0.19cvss epss 0.88

    The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin…

  • CVE-2026-22717LowFeb 27, 2026
    risk 0.18cvss 2.7epss 0.00

    Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.

  • CVE-2024-38812KEVSep 17, 2024
    risk 0.18cvss epss 0.54

    The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code…

  • CVE-2021-22017KEVSep 23, 2021
    risk 0.18cvss epss 0.47

    Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

  • CVE-2026-41694LowJun 10, 2026
    risk 0.17cvss 3.7epss 0.00

    Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions:…

  • CVE-2026-41852LowJun 9, 2026
    risk 0.17cvss 3.7epss 0.00

    A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework…

  • CVE-2026-22735LowMar 20, 2026
    risk 0.17cvss 2.6epss 0.00

    Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

  • CVE-2022-22948KEVMar 29, 2022
    risk 0.17cvss epss 0.14

    The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

  • CVE-2025-22224KEVMar 4, 2025
    risk 0.16cvss epss 0.02

    VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process…

  • CVE-2020-3950KEVMar 17, 2020
    risk 0.16cvss epss 0.07

    VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may…

  • CVE-2024-38813KEVSep 17, 2024
    risk 0.14cvss epss 0.17

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

  • CVE-2020-4006KEVNov 23, 2020
    risk 0.13cvss epss 0.24

    VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

  • CVE-2026-22719KEVFeb 25, 2026
    risk 0.12cvss epss 0.17

    VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress.  …

  • CVE-2025-41244KEVSep 29, 2025
    risk 0.12cvss epss 0.08

    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this…

  • CVE-2025-22226KEVMar 4, 2025
    risk 0.12cvss epss 0.02

    VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

Page 6 of 20