Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (145 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-22245 2 Broadcom, Vmware 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more 2025-07-14 5.9 Medium
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-22249 1 Vmware 3 Aria Automation, Cloud Foundation, Telco Cloud Platform 2025-07-11 8.2 High
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
CVE-2024-37087 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-06-27 5.3 Medium
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVE-2024-37086 1 Vmware 2 Cloud Foundation, Esxi 2025-06-27 6.8 Medium
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
CVE-2024-22275 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-06-27 4.9 Medium
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVE-2024-22274 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-06-27 7.2 High
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVE-2025-41229 1 Vmware 1 Cloud Foundation 2025-06-24 8.2 High
VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.
CVE-2025-41230 1 Vmware 1 Cloud Foundation 2025-06-24 7.5 High
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.
CVE-2024-37081 1 Vmware 2 Cloud Foundation, Vcenter Server 2025-06-20 7.8 High
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVE-2023-34063 1 Vmware 2 Aria Automation, Cloud Foundation 2025-06-20 9.9 Critical
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.
CVE-2025-41231 1 Vmware 1 Cloud Foundation 2025-06-12 7.3 High
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
CVE-2025-22222 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 7.7 High
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
CVE-2025-22221 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2025-05-14 5.2 Medium
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
CVE-2025-22219 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2025-05-14 6.8 Medium
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.
CVE-2025-22218 1 Vmware 2 Aria Operations For Logs, Cloud Foundation 2025-05-14 8.5 High
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
CVE-2024-38830 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 7.8 High
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
CVE-2024-38831 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 7.8 High
VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.
CVE-2024-38832 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 7.1 High
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVE-2024-38833 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 6.8 Medium
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVE-2024-38834 1 Vmware 2 Aria Operations, Cloud Foundation 2025-05-14 6.5 Medium
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.