9
CVEs
1
Critical
6
High
0
KEV
0
PoC
6
Unpatched C/H
11.1%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
6
MEDIUM
1
LOW
1
Monthly CVE Trend
Affected Products (30)
Cloud Foundation
17
Telco Cloud Platform
11
Telco Cloud Infrastructure
10
Aria Operations
5
Aria Operations For Logs
4
Windows
4
ESXi
3
Linux Kernel
3
Vmware Nsx
3
Workstation
2
Ubuntu
2
Fastconnect 7800 Firmware
1
Cloud Foundation Operations
1
Fusion
1
Fastconnect 6900 Firmware
1
Qam8650p Firmware
1
Fastconnect 6800 Firmware
1
Aria Automation
1
Qam8295p Firmware
1
Fastconnect 6700 Firmware
1
Qam8255p Firmware
1
Qam8620p Firmware
1
Open Vm Tools
1
Qam8775p Firmware
1
Qamsrv1h Firmware
1
Qamsrv1m Firmware
1
Qca6174a Firmware
1
Qca6310 Firmware
1
Qca6335 Firmware
1
Fastconnect 6200 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20794 | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an | CRITICAL | 9.3 | 0.0% | 47 |
No patch
|
| CVE-2025-62623 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-62624 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20751 | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-20879 | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-41702 | Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2025-62627 | An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-22716 | VMware Workstation 25H1 and earlier contains an out-of-bounds write vulnerability that allows unprivileged guest VM users to crash specific Workstation processes. The vulnerability requires user interaction and does not enable privilege escalation or data theft, making it suitable for denial-of-service attacks against the host virtualization platform. No patch is currently available for this medium-severity flaw. | MEDIUM | 5.0 | 0.0% | 25 |
No patch
|
| CVE-2026-22717 | Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed. [CVSS 2.7 LOW] | LOW | 2.7 | 0.0% | 14 |
No patch
|