cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-22215,https://securityvulnerability.io/vulnerability/CVE-2025-22215,Server-Side Request Forgery in VMware Aria Automation,"VMware Aria Automation exposes a server-side request forgery (SSRF) vulnerability that allows a malicious actor with 'Organization Member' access to exploit the system. By leveraging this vulnerability, the actor can enumerate and potentially access sensitive internal services running on the host or network, which could lead to unauthorized data exposure and compromise of the environment. It is crucial for organizations using this product to assess their risk and implement necessary security measures to protect against exploitation.",Vmware,"Vmware Aria Automation,Vmware Cloud Foundation (vmware Aria Automation)",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,false,false,false,2025-01-08T06:43:32.023Z,0
CVE-2024-38827,https://securityvulnerability.io/vulnerability/CVE-2024-38827,Authorization Rules May Not Work Properly Due to Locale-Dependent Exceptions in Java,The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.,Spring By Vmware Tanzu,Spring Security,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-12-02T14:32:12.471Z,0
CVE-2024-38834,https://securityvulnerability.io/vulnerability/CVE-2024-38834,VMware Aria Operations Exposes Cross-Site Scripting Vulnerability,VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.,Vmware,Vmware Aria Operations,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:56:48.573Z,0
CVE-2024-38833,https://securityvulnerability.io/vulnerability/CVE-2024-38833,VMware Aria Operations Vulnerability: Stored Cross-Site Scripting Flaw,VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.,Vmware,Vmware Aria Operations,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:54:54.847Z,0
CVE-2024-38832,https://securityvulnerability.io/vulnerability/CVE-2024-38832,VMware Aria Operations Stored XSS Vulnerability,"VMware Aria Operations is affected by a stored cross-site scripting vulnerability that permits a malicious actor with editing access to views to inject harmful scripts. This flaw can compromise user data and session integrity, posing significant risks to application security. It is advised for users and administrators to review their access controls and apply any necessary patches to mitigate this vulnerability.",Vmware,Vmware Aria Operations,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:51:39.551Z,0
CVE-2024-38831,https://securityvulnerability.io/vulnerability/CVE-2024-38831,VMware Aria Operations Local Privilege Escalation Vulnerability,"VMware Aria Operations is exposed to a local privilege escalation vulnerability that allows a malicious actor, who already possesses local administrative privileges, to escalate their privileges to that of a root user. This can be achieved by inserting malicious commands into the properties file on the appliance running VMware Aria Operations. Organizations using this product should review their permissions and implement appropriate security measures to prevent exploitation.",Vmware,Vmware Aria Operations,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:50:20.202Z,0
CVE-2024-38830,https://securityvulnerability.io/vulnerability/CVE-2024-38830,Local Privilege Escalation Vulnerability Affects VMware Aria Operations,"VMware Aria Operations is susceptible to a local privilege escalation vulnerability that allows a malicious actor with existing local administrative privileges to escalate their access to the root user level on the appliance. This weakness poses a serious risk as it can lead to unauthorized control of the system, enabling the attacker to perform critical actions that can compromise the integrity and confidentiality of the underlying infrastructure. Organizations must assess their deployments and apply the necessary mitigations to protect their systems from potential exploitation.",Vmware,Vmware Aria Operations,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-26T11:49:16.781Z,0
CVE-2024-38820,https://securityvulnerability.io/vulnerability/CVE-2024-38820,Insensitive Patterns in DataBinder Could Leave Fields Vulnerable,"A recent vulnerability in the Spring Framework's DataBinder arises from an insufficient fix implemented for a previous issue. The update intended to enhance the protection of fields by making disallowedFields patterns case insensitive. However, the method String.toLowerCase() exhibits certain locale-dependent behaviors that may lead to unexpected results, resulting in potential exposure of sensitive fields that should be restricted. This oversight may undermine the security measures expected from the DataBinder, making it crucial for developers to review their implementations and ensure necessary mitigations are in place.",Vmware,Spring,5.3,MEDIUM,0.000539999979082495,false,,true,false,false,,false,false,2024-10-18T05:39:05.275Z,0
CVE-2024-38814,https://securityvulnerability.io/vulnerability/CVE-2024-38814,VMware HCX Authenticated SQL Injection Vulnerability,"The article discusses a high-severity SQL injection vulnerability in VMware HCX, tracked as CVE-2024-38814, which allows non-admin users to execute remote code on the HCX manager. The vulnerability was privately reported to VMware, impacting multiple versions of the HCX platform. An authenticated user with non-admin rights could exploit the flaw and execute unauthorized remote code on the HCX manager. The article also mentions that updates are available to remediate this vulnerability in affected VMware products.",VMware,Vmware Hcx,8.8,HIGH,0.0006900000153109431,false,,true,false,true,,false,false,2024-10-16T17:15:00.000Z,0
CVE-2024-38818,https://securityvulnerability.io/vulnerability/CVE-2024-38818,VMware NSX: Local Privilege Escalation Vulnerability,"VMware NSX contains a local privilege escalation vulnerability. 

An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.",VMware,,,,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-09T20:15:00.000Z,0
CVE-2024-38817,https://securityvulnerability.io/vulnerability/CVE-2024-38817,VMware NSX Injection Vulnerability Allows Root Access,"VMware NSX contains a command injection vulnerability. 

A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.",VMware,"Vmware Nsx, Vmware Cloud Foundation",6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-09T20:15:00.000Z,0
CVE-2024-38815,https://securityvulnerability.io/vulnerability/CVE-2024-38815,VMware NSX Content Spoofing Vulnerability,"VMware NSX contains a content spoofing vulnerability. 

An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.",VMware,,,,0.0004299999854993075,false,,false,false,false,,false,false,2024-10-09T20:15:00.000Z,0
CVE-2024-38813,https://securityvulnerability.io/vulnerability/CVE-2024-38813,Privilege escalation vulnerability,"A privilege escalation vulnerability exists in VMware vCenter Server, enabling a remote attacker with network access to elevate their privileges to root. This is exploited by sending specially crafted network packets aimed at the vCenter Server. It is crucial for organizations using affected versions to assess their security posture and implement necessary safeguards to protect their systems against potential exploits.",Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.5,HIGH,0.0041600000113248825,true,2024-11-20T00:00:00.000Z,true,false,true,,false,false,2024-09-17T18:15:00.000Z,0
CVE-2024-38812,https://securityvulnerability.io/vulnerability/CVE-2024-38812,vCenter Server Heap Overflow Vulnerability,"A heap-overflow vulnerability exists in the vCenter Server's implementation of the DCERPC protocol, allowing a remote attacker with network access to exploit this weakness. By sending a specially crafted network packet, the attacker may be able to execute arbitrary code on the affected system. This vulnerability poses a significant risk, as it could lead to unauthorized access or control over the system, highlighting the importance of maintaining robust network security practices and applying updates promptly.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0041600000113248825,true,2024-11-20T00:00:00.000Z,true,false,true,true,true,true,2024-09-17T18:15:00.000Z,6630
CVE-2024-38811,https://securityvulnerability.io/vulnerability/CVE-2024-38811,VMware Fusion Vulnerability Allows Code Execution with Standard User Privileges,"VMware Fusion versions prior to 13.6 are vulnerable to a code-execution issue stemming from the use of an insecure environment variable. This flaw enables an attacker with standard user privileges to execute arbitrary code within the context of the Fusion application, potentially leading to unauthorized actions or further exploitation of the environment. Organizations using VMware Fusion should address this vulnerability by updating to the latest version to mitigate potential risks associated with this security gap.",VMware,Fusion,7.8,HIGH,0.0004199999966658652,false,,true,false,false,,false,false,2024-09-03T09:47:28.120Z,0
CVE-2024-22280,https://securityvulnerability.io/vulnerability/CVE-2024-22280,VMware Aria Automation Vulnerability,"VMware Aria Automation exhibits a vulnerability due to insufficient input validation, enabling an authenticated user to execute crafted SQL queries. This flaw can lead to unauthorized data manipulation, allowing malicious actors to perform read or write operations directly in the underlying database. It is imperative for users of affected versions to assess their security measures and apply necessary updates or patches to safeguard their environments.",Vmware,Vmware Aria Automation,8.1,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,2024-07-11T04:39:09.353Z,0
CVE-2024-22271,https://securityvulnerability.io/vulnerability/CVE-2024-22271,Spring Cloud Function Web DOS Vulnerability,"The Spring Cloud Function Framework is susceptible to a Denial of Service (DoS) attack when users attempt to compose functions that do not exist. This vulnerability is present in versions 4.1.x prior to 4.1.2 and 4.0.x prior to 4.0.8, specifically when the Spring Cloud Function Web module is employed. Exploiting this vulnerability could hinder the application's functionality and accessibility, as it can cause significant interruptions when improper function compositions occur.",Spring By Vmware Tanzu,Spring Cloud Function Framework,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T13:15:00.000Z,0
CVE-2024-22232,https://securityvulnerability.io/vulnerability/CVE-2024-22232,Specially crafted url can be created which leads to a directory traversal in the salt file server,"A directory traversal vulnerability in the Salt File Server allows an attacker to craft a specially designed URL that exploits the server's file path handling. This vulnerability enables a malicious user to access arbitrary files on the Salt master’s filesystem, potentially leading to unauthorized disclosure of sensitive information. Admins of affected systems should implement security measures and updates to mitigate this vulnerability and protect against unauthorized file access.",Vmware,Salt Project,7.7,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-06-27T06:54:08.785Z,0
CVE-2024-22231,https://securityvulnerability.io/vulnerability/CVE-2024-22231,Syndic cache directory creation is vulnerable to a directory traversal attack,Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master.,Vmware,Salt Project,5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-06-27T06:51:44.428Z,0
CVE-2024-37087,https://securityvulnerability.io/vulnerability/CVE-2024-37087,VMware vCenter Server Denial-of-Service Vulnerability,The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.,VMware,"Vcenter Server,Vmware Cloud Foundation",5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-06-25T14:16:13.273Z,0
CVE-2024-37086,https://securityvulnerability.io/vulnerability/CVE-2024-37086,VMware ESXi Out-of-Bounds Read Vulnerability Could Lead to Denial of Service,"VMware ESXi contains an out-of-bounds read vulnerability. A
 malicious actor with local administrative privileges on a virtual 
machine with an existing snapshot may trigger an out-of-bounds read 
leading to a denial-of-service condition of the host.",VMware,"Esxi,Vmware Cloud Foundation",6.8,MEDIUM,0.0004299999854993075,false,,true,false,false,,false,false,2024-06-25T14:16:08.233Z,0
CVE-2024-37085,https://securityvulnerability.io/vulnerability/CVE-2024-37085,VMware ESXi Authentication Bypass Vulnerability,"VMware ESXi is susceptible to a critical authentication bypass vulnerability that enables a malicious actor with appropriate Active Directory permissions to gain unauthorized access to the ESXi host. This situation arises when the 'ESXi Admins' AD group, used for user management, is deleted from Active Directory and subsequently recreated by the attacker. Restoring this group allows elevated access rights, compromising the integrity of the host and potentially exposing sensitive information and functionalities. Administrators are advised to review access control measures and implement best practices to mitigate the risk associated with this vulnerability.",VMware,"Vmware Esxi,Vmware Cloud Foundation",7.2,HIGH,0.010470000095665455,true,2024-07-30T00:00:00.000Z,true,true,true,true,true,true,2024-06-25T14:16:01.280Z,65164
CVE-2024-22263,https://securityvulnerability.io/vulnerability/CVE-2024-22263,Malicious File Write Vulnerability in Skipper Server,"The vulnerability allows a malicious user with access to the Skipper server API of Spring Cloud Data Flow to exploit improper sanitization of upload paths. This can lead to crafted upload requests that write arbitrary files to any location in the file system, potentially compromising the integrity of the server and exposing sensitive data.",Spring By Vmware Tanzu,Spring Cloud Skipper,8.8,HIGH,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-19T14:48:10.644Z,0
CVE-2024-37081,https://securityvulnerability.io/vulnerability/CVE-2024-37081,VMware vCenter Server Local Privilege Escalation Vulnerabilities,"The CVE-2024-37081 vulnerability in VMware vCenter Server allows an authenticated local user with non-administrative privileges to elevate privileges to root on the vCenter Server Appliance. This is a local privilege escalation vulnerability due to misconfiguration of sudo. The potential impact of this vulnerability is significant, as it can allow unauthorized elevation of privileges on the vCenter Server. The vendor affected by this vulnerability is VMware. There are no known exploits of this vulnerability by ransomware groups at this time.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.8,HIGH,0.00279000005684793,false,,true,false,true,true,false,false,2024-06-18T05:43:20.580Z,0
CVE-2024-37080,https://securityvulnerability.io/vulnerability/CVE-2024-37080,vCenter Server Heap Overflow Vulnerability,"VMware vCenter Server is susceptible to a heap overflow vulnerability associated with the DCERPC protocol implementation. Malicious actors with network access can exploit this flaw by sending a specially crafted network packet. This breach may result in remote code execution, granting unauthorized access and control over affected systems. Organizations utilizing vCenter Server should prioritize applying patches and updates to mitigate potential risks.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,false,,true,false,true,,false,false,2024-06-18T05:43:10.901Z,0