vmware
1,004 tracked vulnerabilities.
CVE-2026-59269
LOW
Pinniped 0.11.0-0.46.0 - Active Directory LDAP Privilege Escalation
Jul 09, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-47835
HIGH
Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
Jun 15, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-41856
HIGH
Spring GraphQL Annotation Detection Vulnerability
Jun 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41700
HIGH
Cross-Site WebSocket Hijacking in Spring for GraphQL
Jun 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41699
HIGH
Unsafe Deserialization in Spring GraphQL
Jun 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-47838
MEDIUM
Unauthorized User Impersonation when Using X.509 Client Certificates
Jun 10, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-41837
MEDIUM
Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
Jun 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41732
HIGH
In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41731
HIGH
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41730
MEDIUM
Spring Data REST exposes persistence-layer internals in error responses
Jun 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41729
HIGH
Spring Data REST SpEL Injection via Map Key in JSON Patch
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41728
HIGH
Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41727
MEDIUM
In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior
Jun 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41717
HIGH
Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding
Jun 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41706
MEDIUM
Spring Security - Open Redirect When Using CookieRequestCache
Jun 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41696
MEDIUM
Spring Data MongoDB Bind Parameter Literal Quoting Breakout
Jun 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41694
LOW
Spring Security - SAML Payloads Decrypted Without Valid Signature
Jun 10, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-41008
MEDIUM
Spring Security Authorization Server Open Redirect via request_uri
Jun 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41003
HIGH
Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting
Jun 10, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-40993
HIGH
Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
Jun 10, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-40988
HIGH
Unbounded DEFLATE Inflation in SAML 2.0 Service Provider
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41855
HIGH
Spring Framework Unsafe Deserialization via Jackson JMS Converters
Jun 09, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41854
MEDIUM
Spring Framework Server-Side Request Forgery via UriComponentsBuilder
Jun 09, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-41853
MEDIUM
Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41852
LOW
Spring Framework Arbitrary Method Invocation in SpEL Expressions
Jun 09, 2026
CVSS 3.7
EPSS 0.00
Products
workstation 213
esxi 139
cloud_foundation 135
fusion 131
player 89
esx 86
vcenter_server 79
spring_framework 65
server 58
ace 44
spring_security 36
identity_manager 28
workstation_pro 27
workstation_player 26
horizon_client 25
Workstation 23
tools 22
vrealize_suite_lifecycle_manager 21
vrealize_automation 20
spring_boot 18
vrealize_operations 18
ESXi 16
aria_operations 16
spring_ai 16
vmware_workstation 15
vrealize_log_insight 15
workspace_one_access 15
horizon_view 14
telco_cloud_platform 14
vcenter_server_appliance 14
Quick Filters