Vulnerabilities in vmware
225 resultsCVE-2017-4938—VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. SuccessfulEPSS 0.4%CVE-2020-3966—VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x beEPSS 0.4%CVE-2017-4943—VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. SuEPSS 0.4%CVE-2017-4895—Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue EPSS 0.4%CVE-2024-22250HIGHSession Hijack Vulnerability in Deprecated EAP Browser PluginEPSS 0.3%CVE-2026-22740MEDIUMSpring Framework DoS with Multipart Temp Files in WebFluxEPSS 0.3%CVE-2026-22745MEDIUMCVE-2026-22745 : Denial of service in static resource handling on Windows platformsEPSS 0.3%CVE-2025-22227MEDIUMCVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP ClientEPSS 0.3%CVE-2017-4900—VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. SuccessfuEPSS 0.3%CVE-2017-4896—Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. SuccesEPSS 0.3%CVE-2020-3971—VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x beforeEPSS 0.3%CVE-2015-5191—VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. SuccessEPSS 0.3%CVE-2024-38834MEDIUMStored cross-site scripting vulnerability (CVE-2024-38834)EPSS 0.3%CVE-2025-22249HIGHVMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)EPSS 0.3%CVE-2026-41724HIGHVMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)EPSS 0.3%CVE-2025-22243HIGHVMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.EPSS 0.3%CVE-2025-22220MEDIUMVMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)EPSS 0.3%CVE-2026-41722HIGHVMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)EPSS 0.3%CVE-2020-3941—The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual MachineEPSS 0.3%CVE-2017-4899—VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit tEPSS 0.3%