vmware
950 tracked vulnerabilities.
CVE-2026-41702
HIGH
VMware Fusion >=2025H2 <2026H1 - Privilege Escalation via SETUID Binary TOCTOU Race Condition
May 15, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-41713
HIGH
VMware Spring AI - Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
May 12, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-41712
HIGH
ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41705
HIGH
Spring AI - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 09, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-41004
MEDIUM
Spring Cloud Config Sensitive Information Exposure in Trace Logs
May 07, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-41002
HIGH
Spring Cloud Config Race Condition in Git Repository Clone Directory
May 07, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-40982
CRITICAL
Spring Cloud Config - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
May 07, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-40981
HIGH
Spring Cloud Config Authorization Bypass via Google Secrets Manager
May 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22745
MEDIUM
CVE-2026-22745 : Denial of service in static resource handling on Windows platforms
Apr 29, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22741
LOW
Static resource cache poisoning in Spring MVC and WebFlux
Apr 29, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-22740
MEDIUM
Spring Framework DoS with Multipart Temp Files in WebFlux
Apr 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40969
LOW
Spring gRPC AuthenticationException message reflected to remote client
Apr 28, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-40968
MEDIUM
Spring gRPC SecurityContext leaks across requests on authorization failure
Apr 28, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-40980
MEDIUM
Spring AI 1.0.0-1.0.5 - Memory Corruption
Apr 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-40979
MEDIUM
Spring AI 1.0.0-1.0.5 - Info Disclosure
Apr 28, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-40978
HIGH
Spring AI 1.0.0-1.0.5 1.1.0-1.1.4 - SQL Injection via CosmosDBVectorStore Document ID
Apr 28, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-40966
MEDIUM
VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
Apr 28, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-40967
HIGH
Spring AI 1.0.0-1.0.5 - Code Injection
Apr 28, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-40977
MEDIUM
Spring Boot <4.0.6 - File Corruption
Apr 28, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-40976
CRITICAL
Spring Boot 4.0.0-4.0.5 - Auth Bypass
Apr 28, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-40975
MEDIUM
Spring Boot <4.0.6 - Weak PRNG for Secrets
Apr 28, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-40974
MEDIUM
Spring Boot <4.0.6 - SSL Hostname Verification Bypass
Apr 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-40973
HIGH
Spring Boot <4.0.6 - Privilege Escalation
Apr 28, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-40972
HIGH
Spring Boot 2.7.0-2.7.32, 3.3.0-3.3.18, 3.4.0-3.4.15, 3.5.0-3.5.13, 4.0.0-4.0.5 - Timing Discrepancy in DevTools
Apr 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-40971
MEDIUM
Spring Boot 4.0.0-4.0.5 - Auth Bypass
Apr 27, 2026
CVSS 5.0
EPSS 0.00
Products
workstation 213
esxi 139
cloud_foundation 132
fusion 131
player 89
esx 86
vcenter_server 79
server 58
spring_framework 48
ace 44
identity_manager 28
workstation_pro 27
workstation_player 26
horizon_client 25
spring_security 24
Workstation 23
tools 22
vrealize_suite_lifecycle_manager 21
vrealize_automation 20
spring_boot 18
vrealize_operations 18
ESXi 16
vmware_workstation 15
vrealize_log_insight 15
workspace_one_access 15
horizon_view 14
spring_ai 14
vcenter_server_appliance 14
Fusion 13
aria_operations 13
Quick Filters