Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / vmware

vmware

950 tracked vulnerabilities.

CVE-2025-41251 HIGH

VMware NSX/NSX-T/Cloud Foundation Unauthenticated Username Enumeration via Weak Password Recovery

CVE-2025-41250 HIGH

VMware vCenter 8.0-8.0 U3g, 7.0-7.0 U3w - SMTP Header Injection via Scheduled Task Notifications

CVE-2025-41245 MEDIUM

VMware Aria Operations - Info Disclosure

CVE-2025-41244 HIGH KEV

VMware Aria Operations and VMware Tools - Local Privilege Escalation via SDMP

CVE-2025-41246 HIGH

VMware Tools for Windows - Privilege Escalation

CVE-2025-41249 HIGH

Spring Framework 5.3.0-5.3.44, 6.1.0-6.1.22, 6.2.0-6.2.10 - Improper Authorization via Annotation Detection Mechanism

CVE-2025-41248 HIGH

Spring Security 6.4.0-6.4.9, 6.4.10-6.4.10, 6.5.0-6.5.4 - Authentication Bypass via Incorrect Annotation Resolution

CVE-2025-41242 MEDIUM NUCLEI

Spring Framework 5.3.x-5.3.43 6.1.x-6.1.21 6.2.x-6.2.9 - Path Traversal via Static Resource Handling

CVE-2025-41241 MEDIUM

VMware vCenter 8.0-8.0 U3g, 7.0-7.0 U3v - Authenticated Denial of Service via Guest OS Customization API

CVE-2025-41240 CRITICAL

Bitnami Helm charts - Info Disclosure

CVE-2025-22227 MEDIUM

Reactor Netty HTTP Client - Credential Leak via Chained Redirects

CVE-2025-41239 HIGH

VMware ESXi, Workstation, Fusion, VMware Tools - Info Disclosure

CVE-2025-41238 CRITICAL

VMware ESXi/Fusion/Workstation - Heap-Overflow

CVE-2025-41237 CRITICAL

VMware ESXi/Fusion/Workstation - Code Execution

CVE-2025-41236 CRITICAL

VMware ESXi, Workstation, and Fusion - RCE

CVE-2025-22242 MEDIUM

Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Denial of Service via File Read Operation

CVE-2025-22241 MEDIUM

Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Path Traversal in VirtKey Class

CVE-2025-22240 MEDIUM

Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Arbitrary File Deletion via GitFS find_file Method

CVE-2025-22239 HIGH

Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Arbitrary Event Injection via _minion_event Method

CVE-2025-22238 MEDIUM

Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Path Traversal and Arbitrary File Write in Minion File Cache

CVE-2025-22237 MEDIUM

SaltStack <version> - Command Injection

CVE-2025-22236 HIGH

Salt 3007.0-3007.3 and 3006.0-3006.11 - Minion Event Bus Authorization Bypass

CVE-2025-41234 MEDIUM

Spring Framework <6.0.5, 6.1.x, 6.2.x - RFD

CVE-2025-41233 MEDIUM

VMware AVI Load Balancer - Authenticated SQL Injection

CVE-2025-22245 MEDIUM

VMware NSX 3.2-4.1.2.5 - Stored Cross-Site Scripting in Router Port

Previous Page 3 of 38 Next

Products

workstation 213 esxi 139 cloud_foundation 132 fusion 131 player 89 esx 86 vcenter_server 79 server 58 spring_framework 48 ace 44 identity_manager 28 workstation_pro 27 workstation_player 26 horizon_client 25 spring_security 24 Workstation 23 tools 22 vrealize_suite_lifecycle_manager 21 vrealize_automation 20 spring_boot 18 vrealize_operations 18 ESXi 16 vmware_workstation 15 vrealize_log_insight 15 workspace_one_access 15 horizon_view 14 spring_ai 14 vcenter_server_appliance 14 Fusion 13 aria_operations 13

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy