vmware

950 tracked vulnerabilities.

CVE-2025-22244 MEDIUM
VMware NSX - Stored Cross-Site Scripting in Gateway Firewall
Jun 04, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-22243 HIGH
VMware NSX Manager UI - Stored Cross-Site Scripting
Jun 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-41235 HIGH
Spring Cloud Gateway Server 4.2.0-4.2.2 - HTTP Request Smuggling via Forwarded Header Handling
May 30, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-41228 MEDIUM
VMware vCenter Server 8.0-8.0 U3e and Cloud Foundation 4.5.x-5.x - Reflected Cross-Site Scripting
May 20, 2025
CVSS 4.3
EPSS 0.06
CVE-2025-41227 MEDIUM
VMware ESXi, Workstation, and Fusion - DoS
May 20, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-41226 MEDIUM
VMware ESXi 7.0-8.0 - Denial of Service via Guest Operation
May 20, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-41225 HIGH
VMware vCenter Server 7.0-7.0 U3v, 8.0-8.0 U3e - Authenticated OS Command Injection via Alarm Script Action
May 20, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-41231 HIGH
VMware Cloud Foundation 4.5-4.5.1 - Missing Authorization
May 20, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-41230 HIGH
VMware Cloud Foundation - Info Disclosure
May 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-41229 HIGH
VMware Cloud Foundation - Path Traversal
May 20, 2025
CVSS 8.2
EPSS 0.02
CVE-2025-22249 HIGH
VMware Aria Automation - DOM-Based Cross-Site Scripting via Crafted Payload URL
May 13, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-22231 HIGH
VMware Aria Operations - Privilege Escalation
Apr 01, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-22226 HIGH KEV
VMware ESXi, Workstation, and Fusion - Info Disclosure
Mar 04, 2025
CVSS 7.1
EPSS 0.04
CVE-2025-22225 HIGH KEV
VMware ESXi - Arbitrary Kernel Write via VMX Process
Mar 04, 2025
CVSS 8.2
EPSS 0.10
CVE-2025-22224 CRITICAL KEV
VMware ESXi, Workstation - Code Injection
Mar 04, 2025
CVSS 9.3
EPSS 0.47
CVE-2025-22222 HIGH
VMware Aria Operations - Info Disclosure
Jan 30, 2025
CVSS 7.7
EPSS 0.01
CVE-2025-22221 MEDIUM
VMware Aria Operation for Logs - XSS
Jan 30, 2025
CVSS 5.2
EPSS 0.00
CVE-2025-22220 MEDIUM
VMware Aria Operations for Logs - Privilege Escalation
Jan 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-22219 MEDIUM
VMware Aria Operations for Logs - XSS
Jan 30, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-22218 HIGH
VMware Aria Operations for Logs - Info Disclosure
Jan 30, 2025
CVSS 8.5
EPSS 0.01
CVE-2025-22215 MEDIUM
VMware Aria Automation < 8.18.1 patch 1 - Server-Side Request Forgery
Jan 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-38825 MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Improper Authentication in PKI Module
Jun 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-38823 LOW
Salt's Request Server - Replay Attack
Jun 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-38822 LOW
Salt Master <unknown - Privilege Escalation
Jun 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-38834 MEDIUM
VMware Aria Operations 8.0-8.18.1 - Stored Cross-Site Scripting
Nov 26, 2024
CVSS 6.5
EPSS 0.01
Products
workstation 213 esxi 139 cloud_foundation 132 fusion 131 player 89 esx 86 vcenter_server 79 server 58 spring_framework 48 ace 44 identity_manager 28 workstation_pro 27 workstation_player 26 horizon_client 25 spring_security 24 Workstation 23 tools 22 vrealize_suite_lifecycle_manager 21 vrealize_automation 20 spring_boot 18 vrealize_operations 18 ESXi 16 vmware_workstation 15 vrealize_log_insight 15 workspace_one_access 15 horizon_view 14 spring_ai 14 vcenter_server_appliance 14 Fusion 13 aria_operations 13
Quick Filters
Critical CVEs With Exploits In CISA KEV