vmware

1,004 tracked vulnerabilities.

CVE-2026-59269 LOW
Pinniped 0.11.0-0.46.0 - Active Directory LDAP Privilege Escalation
Jul 09, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-47835 HIGH
Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
Jun 15, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-41856 HIGH
Spring GraphQL Annotation Detection Vulnerability
Jun 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41700 HIGH
Cross-Site WebSocket Hijacking in Spring for GraphQL
Jun 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41699 HIGH
Unsafe Deserialization in Spring GraphQL
Jun 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-47838 MEDIUM
Unauthorized User Impersonation when Using X.509 Client Certificates
Jun 10, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-41837 MEDIUM
Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
Jun 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41732 HIGH
In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41731 HIGH
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41730 MEDIUM
Spring Data REST exposes persistence-layer internals in error responses
Jun 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41729 HIGH
Spring Data REST SpEL Injection via Map Key in JSON Patch
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41728 HIGH
Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41727 MEDIUM
In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior
Jun 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41717 HIGH
Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41706 MEDIUM
Spring Security - Open Redirect When Using CookieRequestCache
Jun 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41696 MEDIUM
Spring Data MongoDB Bind Parameter Literal Quoting Breakout
Jun 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41694 LOW
Spring Security - SAML Payloads Decrypted Without Valid Signature
Jun 10, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-41008 MEDIUM
Spring Security Authorization Server Open Redirect via request_uri
Jun 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41003 HIGH
Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting
Jun 10, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-40993 HIGH
Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
Jun 10, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40988 HIGH
Unbounded DEFLATE Inflation in SAML 2.0 Service Provider
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41855 HIGH
Spring Framework Unsafe Deserialization via Jackson JMS Converters
Jun 09, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41854 MEDIUM
Spring Framework Server-Side Request Forgery via UriComponentsBuilder
Jun 09, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-41853 MEDIUM
Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41852 LOW
Spring Framework Arbitrary Method Invocation in SpEL Expressions
Jun 09, 2026
CVSS 3.7
EPSS 0.00