Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how vmware compares to other vendors in security performance

View Risk Score →

Software

vmware workstation and esxi
220
vmware fusion
139
vmware vcenter server and cloud foundation
134
vmware esxi
118
vmware esxi and horizon daas
111
vmware workstation
109
vmware player
92
vmware vcenter
91
vmware vrealize operations
65
vmware vsphere
63
vmware server
60
vmware horizon
58
vmware spring framework
49
vmware ace
47
vmware esx
36
vmware harbor container registry
29
vmware workspace one access and identity manager
29
vmware vrealize log insight
23
vmware vrealize suite lifecycle manager
21
vmware vrealize automation
20
vmware vcenter server appliance
18
vmware spring security
17
vmware cloud foundation
16
vmware horizon client
14
vmware spring ai
14
vmware spring boot
14
vmware horizon view
13
vmware identity manager connector
13
vmware access
11
vmware workspace one access
11
vmware workspace one launcher
11
vmware tools
10
vmware telco cloud platform
9
vmware vcloud director
9
vmware velocloud orchestrator
9
vmware site recovery manager
8
vmware spring boot tools
7
vmware telco cloud infrastructure
7
vmware vma
7
vmware vrealize network insight
7
vmware vsphere data protection
7
vmware aria automation
6
vmware gsx server
6
vmware movie decoder
6
vmware nsx
6
vmware photon os
6
vmware vcenter server
6
vmware workstation player
6
vmware aria operations
5
vmware esx server
5

BleepingComputerMicrosoft Exchange, Windows 11 hacked on second day of Pwn2Own

Exploited
Zeroday
First published (updated )
News
BleepingComputer

VMware VMware FusionTOCTOU local privilege escalation vulnerability

Risk 69
Severity
7.8
First published (updated )
CVE-2026-41702

VMware ESXiAn untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker w…

Risk 58
Severity
7.2
First published (updated )
CVE-2025-62627

VMware ESXiBuffer Overflow

Risk 71
Severity
8.8
First published (updated )
CVE-2025-62624

VMware Ionic cloud driver for VMware ESXiBuffer Overflow

Risk 71
Severity
8.8
First published (updated )
CVE-2025-62623
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiPrompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

Risk 54
Severity
8.2
First published (updated )
CVE-2026-41713

VMware Spring AiChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Risk 43
Severity
7.5
First published (updated )
CVE-2026-41712

VMware Spring AiSpring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injec…

Risk 64
Severity
8.6
First published (updated )
CVE-2026-41705

VMware Spring Cloud ConfigWhen using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft…

Risk 43
Severity
7.5
First published (updated )
CVE-2026-40981

VMware Spring Cloud ConfigThe base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server…

Risk 75
Severity
8.1
First published (updated )
CVE-2026-41002
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring Cloud ConfigWhen enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain …

Risk 26
Severity
4.4
First published (updated )
CVE-2026-41004

VMware Spring Cloud ConfigPath Traversal

Risk 66
Severity
9.1
First published (updated )
CVE-2026-40982

VMware Spring FrameworkDenial of service in static resource handling on Windows platforms

Risk 27
Severity
5.3
First published (updated )
CVE-2026-22745

VMware Spring FrameworkStatic resource cache poisoning in Spring MVC and WebFlux

Risk 17
Severity
3.1
First published (updated )
CVE-2026-22741

VMware Spring FrameworkSpring Framework DoS with Multipart Temp Files in WebFlux

Risk 38
Severity
6.5
First published (updated )
CVE-2026-22740
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Spring Spring gRPCSpring gRPC AuthenticationException message reflected to remote client

Risk 27
Severity
5.3
First published (updated )
CVE-2026-40969

Spring Spring gRPCSpring gRPC SecurityContext leaks across requests on authorization failure

Risk 79
Severity
8.8
First published (updated )
CVE-2026-40968

VMware Spring AiIn Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amoun…

Risk 38
Severity
6.5
First published (updated )
CVE-2026-40980

VMware Spring AiIn Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio…

Risk 41
Severity
6.1
First published (updated )
CVE-2026-40979

VMware Spring AiSQL Injection

Risk 79
Severity
8.8
First published (updated )
CVE-2026-40978
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiVectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

Risk 35
Severity
5.9
First published (updated )
CVE-2026-40966

VMware Spring AiCode Injection

Risk 64
Severity
8.6
First published (updated )
CVE-2026-40967

VMware Spring BootAn attacker on the same network as the remote application may be able to utilize a timing attack to …

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2463332

VMware Spring BootA local attacker on the same host as the application may be able to take control of the directory us…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2463330

VMware Spring BootWhen an application is configured to use `ApplicationPidFileWriter`, a local attacker with write acc…

Risk 60
Severity
6.7
First published (updated )
CVE-2026-40977
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring BootIn certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized ac…

Risk 66
Severity
9.1
First published (updated )
CVE-2026-40976

VMware Spring BootValues produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affect…

Risk 43
Severity
7.5
First published (updated )
CVE-2026-40975

VMware Spring BootSpring Boot's Cassandra auto-configuration does not perform hostname verification when establishing …

Risk 86
Severity
9.8
First published (updated )
CVE-2026-40974

VMware Spring BootA local attacker on the same host as the application may be able to take control of the directory us…

Risk 63
Severity
7
First published (updated )
CVE-2026-40973

VMware Spring BootAn attacker on the same network as the remote application may be able to utilize a timing attack to …

Risk 70
Severity
7.5
First published (updated )
CVE-2026-40972
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203