vmware
1,004 tracked vulnerabilities.
CVE-2026-41851
MEDIUM
Spring Framework Denial of Service via Unbounded Cache in SpEL
Jun 09, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41850
HIGH
Spring Framework Algorithmic Denial of Service via SpEL Expressions
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41849
HIGH
Spring Framework Denial of Service via Integer Overflow in SpEL Expressions
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41848
LOW
Spring Framework Denial of Service via AntPathMatcher
Jun 09, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-41847
MEDIUM
Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-41846
MEDIUM
Spring Framework Cross-site Scripting via JSP Form Tags
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41845
HIGH
Spring Framework Cross-site Scripting via JavaScriptUtils
Jun 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-41844
MEDIUM
Spring Framework Open Redirect in Spring MVC and WebFlux
Jun 09, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-41843
MEDIUM
Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41842
HIGH
Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41841
MEDIUM
Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41840
MEDIUM
Spring Framework Denial of Service via Multipart Requests in WebFlux
Jun 09, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41838
MEDIUM
Spring Framework Predictable Session ID in WebSocket Module
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-41007
HIGH
Spring HATEOAS heap exhaustion through unbounded internal caching
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41006
HIGH
Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41724
HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-41723
HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-41722
HIGH
VMware Cloud Foundation Operations - Authenticated Stored Cross-Site Scripting
Jun 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-40990
MEDIUM
Spring Cloud Function DoS via Function Registry Overflow
Jun 01, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-40989
MEDIUM
Spring Cloud Function DoS via Infinite Recursion in Routing Layer
Jun 01, 2026
CVSS 5.7
EPSS 0.00
CVE-2026-41863
MEDIUM
LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API
May 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41702
HIGH
VMware Fusion >=2025H2 <2026H1 - Privilege Escalation via SETUID Binary TOCTOU Race Condition
May 15, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-41713
HIGH
VMware Spring AI - Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
May 12, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-41712
HIGH
ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41705
HIGH
Spring AI - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
May 09, 2026
CVSS 8.6
EPSS 0.00
Products
workstation 213
esxi 139
cloud_foundation 135
fusion 131
player 89
esx 86
vcenter_server 79
spring_framework 65
server 58
ace 44
spring_security 36
identity_manager 28
workstation_pro 27
workstation_player 26
horizon_client 25
Workstation 23
tools 22
vrealize_suite_lifecycle_manager 21
vrealize_automation 20
spring_boot 18
vrealize_operations 18
ESXi 16
aria_operations 16
spring_ai 16
vmware_workstation 15
vrealize_log_insight 15
workspace_one_access 15
horizon_view 14
telco_cloud_platform 14
vcenter_server_appliance 14
Quick Filters