CVE-2026-22721
- EPSS 0.03%
- Veröffentlicht 25.02.2026 20:00:15
- Zuletzt bearbeitet 04.03.2026 15:54:26
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2...
- EPSS 0.08%
- Veröffentlicht 25.02.2026 19:33:14
- Zuletzt bearbeitet 04.03.2026 15:55:32
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-20...
CVE-2026-22719
- EPSS 1.98%
- Veröffentlicht 25.02.2026 19:18:59
- Zuletzt bearbeitet 04.03.2026 15:08:13
VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product...
CVE-2025-41252
- EPSS 0.06%
- Veröffentlicht 29.09.2025 19:15:35
- Zuletzt bearbeitet 29.09.2025 19:34:10
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates...
CVE-2025-41251
- EPSS 0.06%
- Veröffentlicht 29.09.2025 19:15:35
- Zuletzt bearbeitet 29.09.2025 19:34:10
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force r...
CVE-2025-41250
- EPSS 0.08%
- Veröffentlicht 29.09.2025 18:15:31
- Zuletzt bearbeitet 29.09.2025 19:34:10
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks.
CVE-2025-41245
- EPSS 0.04%
- Veröffentlicht 29.09.2025 17:15:31
- Zuletzt bearbeitet 29.09.2025 19:34:10
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
CVE-2025-41244
- EPSS 0.37%
- Veröffentlicht 29.09.2025 17:15:30
- Zuletzt bearbeitet 06.11.2025 13:58:13
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled ...
CVE-2025-41241
- EPSS 0.05%
- Veröffentlicht 29.07.2025 12:25:55
- Zuletzt bearbeitet 29.07.2025 14:14:29
VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service conditio...
CVE-2025-41239
- EPSS 0.04%
- Veröffentlicht 15.07.2025 18:35:03
- Zuletzt bearbeitet 15.07.2025 20:07:28
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to ex...