20
CVEs
2
Critical
11
High
1
KEV
0
PoC
11
Unpatched C/H
15.0%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
11
MEDIUM
5
LOW
0
Monthly CVE Trend
Affected Products (13)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated remote attackers to execute arbitrary commands during support-assisted product migration. KEV-listed with patches available, this vulnerability targets the infrastructure monitoring platform that has visibility into the entire virtualized environment. | HIGH | 8.1 | 7.4% | 98 |
KEV
|
| CVE-2025-69269 | Broadcom DX NetOps Spectrum (23.3.6 and earlier) has unauthenticated OS command injection on both Windows and Linux platforms. As a network management system, compromise gives attackers visibility and control over the entire monitored infrastructure. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2025-69270 | Broadcom DX NetOps Spectrum (24.3.8 and earlier) exposes session tokens in URL query strings, enabling session hijacking through browser history, referer headers, or proxy logs. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2025-69276 | Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.2% | 44 |
No patch
|
| CVE-2025-69274 | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH] | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-22720 | Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious scripts and execute arbitrary administrative actions within the platform. This vulnerability affects VMware, Broadcom, and Telco Cloud Infrastructure products with a CVSS score of 8.0, requiring user interaction to trigger the attack. Patches are available through VMSA-2026-0001. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2025-69273 | Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.1% | 38 |
No patch
|
| CVE-2025-69271 | Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-69272 | Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-13918 | Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. [CVSS 6.7 MEDIUM] | MEDIUM | 6.7 | 0.0% | 34 |
No patch
|
| CVE-2025-69267 | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.5 MEDIUM] | MEDIUM | 6.5 | 0.1% | 33 |
No patch
|
| CVE-2026-22721 | Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001. | MEDIUM | 6.2 | 0.1% | 31 |
|
| CVE-2025-69268 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier. [CVSS 6.1 MEDIUM] | MEDIUM | 6.1 | 0.0% | 31 |
No patch
|
| CVE-2025-69275 | Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier. [CVSS 6.1 MEDIUM] | MEDIUM | 6.1 | 0.0% | 31 |
No patch
|
| CVE-2026-23041 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. | – | 0.0% | 0 |
No patch
|