Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how vmware compares to other vendors in security performance

View Risk Score →

Software

vmware workstation and esxi
68
vmware fusion
49
vmware esxi and horizon daas
43
vmware esxi
41
vmware workstation
40
vmware player
37
vmware vcenter server and cloud foundation
37
vmware vcenter
32
vmware server
26
vmware ace
20
vmware spring framework
19
vmware vsphere
19
vmware horizon
15
vmware vrealize operations
15
vmware esx
12
vmware horizon client
9
vmware vrealize log insight
9
vmware vcenter server appliance
7
vmware spring boot
6
vmware vrealize automation
6
vmware spring security
5
vmware vrealize suite lifecycle manager
5
vmware workspace one access and identity manager
5
vmware esx server
4
vmware horizon view
4
vmware nsx
4
vmware spring ai
4
vmware vcloud director
4
vmware virtualcenter
4
vmware vma
4
vmware identity manager connector
3
vmware single sign-on for pivotal cloud foundry
3
vmware studio
3
vmware tools
3
vmware vmwgfx driver
3
vmware vsphere data protection
3
vmware workspace one launcher
3
vmware workstation player
3
vmware workstation pro
3
vmware access
2
vmware airwatch inbox
2
vmware gsx server
2
vmware ixgben
2
vmware nsx edge
2
vmware nsx-t data center
2
vmware pinniped
2
vmware rabbitmq
2
vmware sd-wan edge
2
vmware spring cloud config
2
vmware spring cloud netflix
2

VMware Spring AiLLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Risk 38
Severity
6.5
First published (updated )
CVE-2026-41863

VMware Spring Cloud ConfigWhen enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain …

Risk 26
Severity
4.4
First published (updated )
CVE-2026-41004

VMware Spring FrameworkDenial of service in static resource handling on Windows platforms

Risk 27
Severity
5.3
First published (updated )
CVE-2026-22745

VMware Spring FrameworkSpring Framework DoS with Multipart Temp Files in WebFlux

Risk 38
Severity
6.5
First published (updated )
CVE-2026-22740

Spring Spring gRPCSpring gRPC AuthenticationException message reflected to remote client

Risk 27
Severity
5.3
First published (updated )
CVE-2026-40969
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring AiIn Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amoun…

Risk 38
Severity
6.5
First published (updated )
CVE-2026-40980

VMware Spring AiIn Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio…

Risk 41
Severity
6.1
First published (updated )
CVE-2026-40979

VMware Spring AiVectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

Risk 35
Severity
5.9
First published (updated )
CVE-2026-40966

VMware Spring BootAn attacker on the same network as the remote application may be able to utilize a timing attack to …

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2463332

VMware Spring BootA local attacker on the same host as the application may be able to take control of the directory us…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2463330
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring BootWhen an application is configured to use `ApplicationPidFileWriter`, a local attacker with write acc…

Risk 60
Severity
6.7
First published (updated )
CVE-2026-40977

VMware Spring BootWhen configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perfor…

Risk 52
Severity
6.8
First published (updated )
CVE-2026-40970

VMware Spring SecurityPotential Security Misconfiguration when Using withIssuerLocation

Risk 38
Severity
6.5
First published (updated )
CVE-2026-22748

VMware Spring SecuritySpring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Risk 32
Severity
4.8
First published (updated )
CVE-2026-22751

maven/org.springframework:spring-webfluxSpring Framework Improper Path Limitation with Script View Templates

Risk 35
Severity
5.9
First published (updated )
CVE-2026-22737
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware WorkstationVMware Workstation out-of-bounds write vulnerability

Risk 31
Severity
5
First published (updated )
CVE-2026-22716

VMware WorkstationVMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash

Risk 41
Severity
6.1
First published (updated )
CVE-2026-22722

VMware WorkstationVMware Workstation/Fusion NAT vulnerability

Risk 42
Severity
5.9
First published (updated )
CVE-2026-22715

VMware Workspace ONE UEMOmnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious act…

Risk 27
Severity
5.3
First published (updated )
CVE-2025-25236

VMware Aria OperationsVMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

Risk 31
Severity
4.9
First published (updated )
CVE-2025-41245
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware vCenterDenial-of-service vulnerability

Risk 26
Severity
4.4
First published (updated )
CVE-2025-41241

VMware Avi Load BalancerSQL Injection, Input Validation

Risk 37
Severity
6.8
First published (updated )
CVE-2025-41233

Broadcom Vmware NsxXSS, Input Validation

Risk 40
Severity
5.9
First published (updated )
CVE-2025-22245

Broadcom Vmware NsxXSS, Input Validation

Risk 43
Severity
6.9
First published (updated )
CVE-2025-22244

VMware ESXiVMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

Risk 65
Severity
4.3
Exploited
First published (updated )
CVE-2025-41228
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware ESXiDenial-of-Service Vulnerability

Risk 32
Severity
5.5
First published (updated )
CVE-2025-41227

VMware ESXiGuest Operations Denial-of-Service Vulnerability

Risk 39
Severity
6.8
First published (updated )
CVE-2025-41226

VMware open-vm-toolsInsecure file handling vulnerability

Risk 45
Severity
6.1
First published (updated )
CVE-2025-22247

Linux Linux kernelvmxnet3: unregister xdp rxq info in the reset path

Risk 32
Severity
5.5
First published (updated )
CVE-2025-22106

VMware Aria Operations for LogsVMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221)

Risk 38
Severity
5.2
First published (updated )
CVE-2025-22221
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203