Known Vulnerabilities for products from VMware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "VMware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41713 json | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended ... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41712 json | Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unint... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41705 json | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized docu... | Not Provided | 2026-05-09 | 2026-05-12 |
| CVE-2026-41004 json | When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring ... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-41002 json | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositorie... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40982 json | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server modul... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40981 json | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config ... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40980 json | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40979 json | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Sp... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40978 json | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafte... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40977 json | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's loc... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40976 json | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. Fo... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40975 json | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${r... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40973 json | A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. ... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40972 json | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information abou... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40969 json | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC sta... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40968 json | When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker t... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40967 json | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to speci... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40966 json | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat historie... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-22754 json | Vulnerability in Spring Spring Security. If an application uses |
2026-04-22 | 2026-04-24 |
Known software with vulnerabilities from VMware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Vmware | Ace | - |
| Application | Vmware | Ace 2 | - |
| Application | Vmware | Airwatch | 7.3.0.0 |
| Application | Vmware | Airwatch Console | 9.1.0.0 |
| Application | Vmware | Airwatch Launcher | 3.2.2 |
| Application | Vmware | App Volumes | 2.10 |
| Application | Vmware | Capacityiq | 1.0.0 |
| Application | Vmware | Capacity Planner | 2.6.2.22938 |
| Application | Vmware | Cloud Foundation | - |
| Application | Vmware | Consolidated Backup Framework | 1.5.0.2192 |
| Application | Vmware | Converter | 1.0.0 |
| Application | Vmware | Converter Enterprise Client | 4.0.3.62417 |
| Application | Vmware | Data Recovery | 1.2.0 |
| Operating System | Vmware | Esx | - |
| Operating System | Vmware | Esxi | 3.5 |
| Application | Vmware | Esx Server | - |
| Application | Vmware | Fusion | - |
| Application | Vmware | Fusion Pro | 8.0.0 |
| Application | Vmware | Gemfire | 9.7.0 |
| Application | Vmware | Gsx Server | - |