Proxmox Virtual_environment
8 CVEs affecting Proxmox Virtual_environment. Latest disclosed: 2025-09-09. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-35508 | Critical | 9.8 | 2022-12-04 | Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. A… |
CVE-2022-31358 | Critical | 9.0 | 2022-12-14 | A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or… |
CVE-2023-43320 | High | 8.8 | 2023-09-27 | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows… |
CVE-2022-35507 | High | 7.1 | 2022-12-04 | A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker t… |
CVE-2025-57540 | Medium | 5.4 | 2025-09-09 | A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment… |
CVE-2025-57539 | Medium | 5.4 | 2025-09-09 | A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authe… |
CVE-2025-57538 | Medium | 5.4 | 2025-09-09 | A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 al… |
CVE-2014-4156 | Medium | 5.3 | 2020-01-27 | Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability |