vmware

1,004 tracked vulnerabilities.

CVE-2026-41851 MEDIUM
Spring Framework Denial of Service via Unbounded Cache in SpEL
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41850 HIGH
Spring Framework Algorithmic Denial of Service via SpEL Expressions
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41849 HIGH
Spring Framework Denial of Service via Integer Overflow in SpEL Expressions
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41848 LOW
Spring Framework Denial of Service via AntPathMatcher
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-41847 MEDIUM
Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-41846 MEDIUM
Spring Framework Cross-site Scripting via JSP Form Tags
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41845 HIGH
Spring Framework Cross-site Scripting via JavaScriptUtils
Jun 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-41844 MEDIUM
Spring Framework Open Redirect in Spring MVC and WebFlux
Jun 09, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-41843 MEDIUM
Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41842 HIGH
Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41841 MEDIUM
Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41840 MEDIUM
Spring Framework Denial of Service via Multipart Requests in WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41838 MEDIUM
Spring Framework Predictable Session ID in WebSocket Module
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-41007 HIGH
Spring HATEOAS heap exhaustion through unbounded internal caching
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41006 HIGH
Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41724 HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-41723 HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-41722 HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-40990 MEDIUM
Spring Cloud Function DoS via Function Registry Overflow
Jun 01, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-40989 MEDIUM
Spring Cloud Function DoS via Infinite Recursion in Routing Layer
Jun 01, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-41863 MEDIUM
LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API
May 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41702 HIGH
VMware Fusion >=2025H2 <2026H1 - Privilege Escalation via SETUID Binary TOCTOU Race Condition
May 15, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-41713 HIGH
VMware Spring AI - Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
May 12, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-41712 HIGH
ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41705 HIGH
Spring AI - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 09, 2026
CVSS 8.6
EPSS 0.00