vmware

950 tracked vulnerabilities.

CVE-2026-40970 MEDIUM
Spring Boot 4.0.0-4.0.5 - Auth Bypass
Apr 27, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-31431 HIGH KEV
crypto: algif_aead - Revert to operating out-of-place
Apr 22, 2026
CVSS 7.8
EPSS 0.03
CVE-2026-22751 MEDIUM
Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions
Apr 21, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-22750 HIGH
SSL bundle configuration silently bypassed in Spring Cloud Gateway
Apr 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22744 HIGH
Spring AI <1.0.5 - Command Injection
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22743 HIGH
Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22742 HIGH
Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
Mar 27, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-22738 CRITICAL
SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution
Mar 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22737 MEDIUM
Spring Framework Improper Path Limitation with Script View Templates
Mar 20, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-22735 LOW
Server Sent Event stream corruption
Mar 20, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-22733 HIGH
Authentication Bypass under Actuator CloudFoundry endpoints
Mar 20, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-22732 CRITICAL
Under Some Conditions Spring Security HTTP Headers Are not Written
Mar 19, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-22731 HIGH
Authentication Bypass under Actuator Health groups paths
Mar 19, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-22730 HIGH
CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter
Mar 18, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-22729 HIGH
CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter
Mar 18, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-22722 MEDIUM
VMware Workstation >=17.0 <25H2u1 - Authenticated Denial of Service via Null Pointer Dereference
Feb 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-22715 MEDIUM
VMware Workstation/Fusion - Privilege Escalation
Feb 26, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-22721 MEDIUM
VMware Aria Operations - Privilege Escalation
Feb 25, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-22720 HIGH
VMware Aria Operations - Stored XSS
Feb 25, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-22719 HIGH KEV
VMware Aria Operations - Command Injection
Feb 25, 2026
CVSS 8.1
EPSS 0.02
CVE-2026-2818 HIGH
Spring Data Geode 2.0.0-2.7.17 and Spring Data Gemfire 1.7.0-2.2.12 - Path Traversal via Import Snapshot
Feb 20, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-2817 MEDIUM
Spring Data Geode - Info Disclosure
Feb 19, 2026
CVSS 4.4
EPSS 0.00
CVE-2025-41254 MEDIUM
Spring Framework 5.3.0-5.3.45, 6.0.x-6.0.29, 6.1.0-6.1.23, 6.2.0-6.2.11 - Security Bypass via STOMP over WebSocket
Oct 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-41253 HIGH
Spring Cloud Gateway Server Webflux - Info Disclosure
Oct 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-41252 HIGH
VMware NSX 9.x, 4.2.x, 4.1.x, 4.0.x; NSX-T 3.x; Cloud Foundation 5.x, 4.5.x - Unauthenticated Username Enumeration
Sep 29, 2025
CVSS 7.5
EPSS 0.00