VMware Security Vulnerabilities (CVEs)

Track 104 security vulnerabilities affecting VMware products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

33 Critical
65 High
6 Medium
CVE-2026-22719 8.1

CVE-2026-22719 is a command injection vulnerability in VMware Aria Operations that allows unauthenticated attackers to execute arbitrary commands duri...

Feb 25, 2026
CVE-2025-41244 7.8

This CVE describes a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. A malicious local user with non-administrati...

Sep 29, 2025
CVE-2025-22243 7.5

VMware NSX Manager UI has a stored XSS vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This affe...

Jun 4, 2025
CVE-2025-22245 5.9

VMware NSX contains a stored Cross-Site Scripting vulnerability in the router port due to improper input validation. This allows authenticated attacke...

Jun 4, 2025
CVE-2025-41231 7.3

VMware Cloud Foundation contains a missing authorization vulnerability that allows authenticated users to perform unauthorized actions and access limi...

May 20, 2025
CVE-2025-22249 8.2

This DOM-based XSS vulnerability in VMware Aria Automation allows attackers to steal authenticated users' access tokens by tricking them into clicking...

May 13, 2025
CVE-2025-22224 9.3

This CVE describes a TOCTOU vulnerability in VMware ESXi and Workstation that allows local administrative users within a virtual machine to execute ar...

Mar 4, 2025
CVE-2025-22226 7.1

This vulnerability allows attackers with administrative privileges on a virtual machine to read memory from the host's vmx process, potentially exposi...

Mar 4, 2025
CVE-2025-22219 6.8

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability that allows authenticated non-administrative users to inject mali...

Jan 30, 2025
CVE-2025-22221 5.2

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability where an authenticated admin user can inject malicious scripts. W...

Jan 30, 2025
CVE-2025-22222 7.7

VMware Aria Operations contains an information disclosure vulnerability where authenticated non-administrative users can retrieve credentials for outb...

Jan 30, 2025
CVE-2025-22218 8.5

VMware Aria Operations for Logs contains an information disclosure vulnerability where authenticated users with View Only Admin permissions can read c...

Jan 30, 2025
CVE-2024-38830 7.8

CVE-2024-38830 is a local privilege escalation vulnerability in VMware Aria Operations. Attackers with local administrative access can exploit this to...

Nov 26, 2024
CVE-2024-38832 7.1

VMware Aria Operations contains a stored cross-site scripting vulnerability that allows authenticated users with editing access to inject malicious sc...

Nov 26, 2024
CVE-2024-38834 6.5

VMware Aria Operations contains a stored cross-site scripting vulnerability that allows authenticated users with editing access to cloud providers to ...

Nov 26, 2024
CVE-2024-38814 8.8

An authenticated SQL injection vulnerability in VMware HCX allows authenticated non-administrator users to execute arbitrary SQL queries, potentially ...

Oct 16, 2024
CVE-2024-38812 9.8

CVE-2024-38812 is a critical heap-overflow vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. Attacke...

Sep 17, 2024
CVE-2024-38811 8.8

CVE-2024-38811 is a code execution vulnerability in VMware Fusion where attackers with standard user privileges can exploit an insecure environment va...

Sep 3, 2024
CVE-2024-37084 9.8

This vulnerability allows authenticated malicious users with access to the Skipper server API in Spring Cloud Data Flow to write arbitrary files anywh...

Jul 25, 2024
CVE-2024-22280 8.5

CVE-2024-22280 is a SQL injection vulnerability in VMware Aria Automation that allows authenticated attackers to execute arbitrary SQL queries. This e...

Jul 11, 2024
CVE-2024-37086 6.8

This vulnerability allows a malicious actor with local administrative privileges on a virtual machine with an existing snapshot to trigger an out-of-b...

Jun 25, 2024
CVE-2024-37079 9.8

CVE-2024-37079 is a critical heap overflow vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. Attacke...

Jun 18, 2024
CVE-2024-37081 7.8

CVE-2024-37081 is a local privilege escalation vulnerability in VMware vCenter Server caused by sudo misconfigurations. Authenticated local users with...

Jun 18, 2024
CVE-2024-22274 7.2

CVE-2024-22274 is an authenticated remote code execution vulnerability in VMware vCenter Server. Attackers with administrative shell access on the vCe...

May 21, 2024
CVE-2024-22269 7.1

This vulnerability allows a malicious actor with local administrative privileges on a VMware virtual machine to read privileged information from hyper...

May 14, 2024
CVE-2024-22267 9.3

CVE-2024-22267 is a use-after-free vulnerability in VMware Workstation and Fusion's vbluetooth device that allows a malicious actor with local adminis...

May 14, 2024
CVE-2024-22259 8.1

Spring Framework applications using UriComponentsBuilder to parse external URLs with host validation are vulnerable to open redirect and SSRF attacks....

Mar 16, 2024
CVE-2024-22254 7.9

This CVE describes an out-of-bounds write vulnerability in VMware ESXi that could allow a malicious actor with VMX process privileges to escape the sa...

Mar 5, 2024
CVE-2024-22252 9.3

This CVE describes a use-after-free vulnerability in VMware's XHCI USB controller that allows a malicious actor with local administrative privileges o...

Mar 5, 2024
CVE-2024-22234 7.4

This vulnerability in Spring Security allows broken access control when applications directly use AuthenticationTrustResolver.isFullyAuthenticated() w...

Feb 20, 2024
CVE-2024-22237 7.8

This CVE describes a local privilege escalation vulnerability in VMware Aria Operations for Networks. Console users with existing access can exploit t...

Feb 6, 2024
CVE-2024-22233 7.5

This vulnerability in Spring Framework allows attackers to cause denial-of-service (DoS) conditions by sending specially crafted HTTP requests. Applic...

Jan 22, 2024
CVE-2023-34063 9.9

CVE-2023-34063 is a missing access control vulnerability in VMware Aria Automation that allows authenticated malicious actors to access remote organiz...

Jan 16, 2024
CVE-2022-22942 7.8

CVE-2022-22942 is a local privilege escalation vulnerability in the vmwgfx driver that allows unprivileged local users to access files opened by other...

Dec 13, 2023
CVE-2023-34060 9.8

This CVE describes an authentication bypass vulnerability in VMware Cloud Director Appliance 10.5 when upgraded from older versions. Attackers with ne...

Nov 14, 2023
CVE-2023-20886 8.8

This CVE is an open redirect vulnerability in VMware Workspace ONE UEM console that allows attackers to redirect victims to malicious sites and potent...

Oct 31, 2023
CVE-2023-34059 7.4

CVE-2023-34059 is a file descriptor hijack vulnerability in open-vm-tools' vmware-user-suid-wrapper that allows non-root users to hijack the /dev/uinp...

Oct 27, 2023
CVE-2023-34057 7.8

CVE-2023-34057 is a local privilege escalation vulnerability in VMware Tools that allows a user with local access to a guest virtual machine to elevat...

Oct 27, 2023
CVE-2023-34048 9.8

CVE-2023-34048 is a critical out-of-bounds write vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. A...

Oct 25, 2023
CVE-2023-34044 7.1

This vulnerability allows an attacker with local administrative privileges on a VMware virtual machine to read privileged information from hypervisor ...

Oct 20, 2023
CVE-2023-34051 9.8

CVE-2023-34051 is an authentication bypass vulnerability in VMware Aria Operations for Logs that allows unauthenticated attackers to inject files and ...

Oct 20, 2023
CVE-2023-20900 7.1

This CVE describes a privilege escalation vulnerability in VMware vSphere where a malicious actor with Guest Operation Privileges in a target virtual ...

Aug 31, 2023
CVE-2023-20890 7.2

This vulnerability allows authenticated administrative users in VMware Aria Operations for Networks to write files to arbitrary locations, potentially...

Aug 29, 2023
CVE-2023-34039 9.8

CVE-2023-34039 allows attackers to bypass SSH authentication in VMware Aria Operations for Networks due to weak cryptographic key generation. This ena...

Aug 29, 2023
CVE-2023-20894 8.1

This vulnerability allows attackers with network access to VMware vCenter Server to send specially crafted DCERPC packets causing memory corruption th...

Jun 22, 2023
CVE-2023-20892 8.1

This CVE describes a heap overflow vulnerability in vCenter Server's DCERPC protocol implementation due to uninitialized memory usage. Attackers with ...

Jun 22, 2023
CVE-2023-20887 9.8

CVE-2023-20887 is a command injection vulnerability in VMware Aria Operations for Networks that allows remote code execution. Attackers with network a...

Jun 7, 2023
CVE-2023-20889 7.5

This vulnerability in VMware Aria Operations for Networks allows attackers with network access to execute arbitrary commands through command injection...

Jun 7, 2023
CVE-2023-20883 7.5

This vulnerability in Spring Boot allows denial-of-service attacks when Spring MVC applications are deployed behind reverse proxy caches. Attackers ca...

May 26, 2023
CVE-2023-31131 7.4

Greenplum Database versions before 6.22.3 have a path traversal vulnerability in tar file extraction within GPPKGs. This allows attackers to write arb...

May 15, 2023

Why Monitor VMware Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 104+ known vulnerabilities affecting VMware products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable VMware packages in under 60 seconds. No agents required - completely agentless scanning that works across VMware deployments.

Free vulnerability database: Access detailed information about every VMware CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account and add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new VMware CVEs affect your systems
  • Access a dashboard with severity breakdown and fix instructions