Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how vmware compares to other vendors in security performance

View Risk Score →

Software

vmware workstation and esxi
93
vmware fusion
67
vmware vcenter server and cloud foundation
57
vmware esxi and horizon daas
43
vmware workstation
43
vmware vsphere
42
vmware esxi
38
vmware vrealize operations
30
vmware vcenter
29
vmware player
22
vmware spring framework
19
vmware server
18
vmware esx
16
vmware workspace one access and identity manager
16
vmware vrealize suite lifecycle manager
12
vmware spring ai
10
vmware ace
9
vmware horizon
9
vmware cloud foundation
8
vmware spring security
8
vmware access
7
vmware horizon view
7
vmware identity manager connector
7
vmware workspace one access
7
vmware workspace one launcher
7
vmware vrealize automation
6
vmware telco cloud infrastructure
5
vmware telco cloud platform
5
vmware tools
5
vmware velocloud orchestrator
5
vmware workstation player
5
vmware fusion pro
4
vmware horizon client
4
vmware remote console plug-in
4
vmware spring boot
4
vmware view
4
vmware vrealize log insight
4
vmware workstation pro
4
vmware aria automation
3
vmware aria operations
3
vmware gsx server
3
vmware installbuilder
3
vmware photon os
3
vmware spring boot tools
3
vmware vcloud director
3
vmware vma
3
vmware
2
vmware airwatch inbox
2
vmware avi load balancer
2
vmware horizon view agent
2

VMware VMware FusionTOCTOU local privilege escalation vulnerability

Risk 69
Severity
7.8
First published (updated )
CVE-2026-41702

VMware ESXiAn untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker w…

Risk 58
Severity
7.2
First published (updated )
CVE-2025-62627

VMware ESXiBuffer Overflow

Risk 71
Severity
8.8
First published (updated )
CVE-2025-62624

VMware Ionic cloud driver for VMware ESXiBuffer Overflow

Risk 71
Severity
8.8
First published (updated )
CVE-2025-62623

VMware Spring AiPrompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

Risk 54
Severity
8.2
First published (updated )
CVE-2026-41713
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Risk 43
Severity
7.5
First published (updated )
CVE-2026-41712

VMware Spring AiSpring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injec…

Risk 64
Severity
8.6
First published (updated )
CVE-2026-41705

VMware Spring Cloud ConfigWhen using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft…

Risk 43
Severity
7.5
First published (updated )
CVE-2026-40981

VMware Spring Cloud ConfigThe base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server…

Risk 75
Severity
8.1
First published (updated )
CVE-2026-41002

Spring Spring gRPCSpring gRPC SecurityContext leaks across requests on authorization failure

Risk 79
Severity
8.8
First published (updated )
CVE-2026-40968
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiSQL Injection

Risk 79
Severity
8.8
First published (updated )
CVE-2026-40978

VMware Spring AiCode Injection

Risk 64
Severity
8.6
First published (updated )
CVE-2026-40967

VMware Spring BootValues produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affect…

Risk 43
Severity
7.5
First published (updated )
CVE-2026-40975

VMware Spring BootA local attacker on the same host as the application may be able to take control of the directory us…

Risk 63
Severity
7
First published (updated )
CVE-2026-40973

VMware Spring BootAn attacker on the same network as the remote application may be able to utilize a timing attack to …

Risk 70
Severity
7.5
First published (updated )
CVE-2026-40972
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

SUSE Linux Enterprise ServerLinux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Risk 91
Severity
7.8
Exploited
Trending
Year
First published (updated )
CVE-2026-31431

Spring Spring Securityervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22754

Spring Spring SecurityServlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22753

Spring Spring SecurityUnauthorized User Impersonation when Using X.509 Client Certificates

Risk 60
Severity
8.1
First published (updated )
CVE-2026-22747

VMware Spring AiIn RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed …

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22744
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiServer-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22743

VMware Spring AiServer-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Risk 49
Severity
8.6
First published (updated )
CVE-2026-22742

VMware Spring CloudSpring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks

Risk 64
Severity
8.6
First published (updated )
CVE-2026-22739

VMware Spring BootAuthentication Bypass under Actuator Health groups paths

Risk 54
Severity
8.2
First published (updated )
CVE-2026-22731

maven/org.springframework.ai:spring-ai-vector-storeJSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

Risk 51
Severity
8.6
First published (updated )
CVE-2026-22729
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.springframework.ai:spring-ai-mariadb-storeSQL Injection in Spring AI MariaDBFilterExpressionConverter

Risk 83
Severity
8.8
First published (updated )
CVE-2026-22730

VMware Aria OperationsVMware Aria Operations privilege escalation vulnerability

Risk 66
Severity
7.2
First published (updated )
CVE-2026-22721

Broadcom VMware Aria OperationsBroadcom VMware Aria Operations Command Injection Vulnerability

Risk 92
Severity
8.1
Exploited
First published (updated )
CVE-2026-22719

VMware NSXUsername enumeration vulnerability

Risk 46
Severity
7.5
First published (updated )
CVE-2025-41252

VMware NSXWeak password recovery vulnerability

Risk 80
Severity
8.1
First published (updated )
CVE-2025-41251
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203