Known Vulnerabilities for products from Vmware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vmware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40980 json | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40979 json | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Sp... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40978 json | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafte... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40977 json | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's loc... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40976 json | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. Fo... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40975 json | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${r... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40973 json | A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. ... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40972 json | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information abou... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40969 json | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC sta... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40968 json | When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker t... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40967 json | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to speci... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40966 json | In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat historie... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-22754 json | Vulnerability in Spring Spring Security. If an application uses |
2026-04-22 | 2026-04-24 | |
| CVE-2026-22753 json | Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatch... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-22751 json | Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenSe... | Not Provided | 2026-04-21 | 2026-05-01 |
| CVE-2026-22748 json | Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReact... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-22747 json | Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 ce... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-22746 json | Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #i... | Not Provided | 2026-04-22 | 2026-04-24 |
| CVE-2026-22745 json | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More preci... | Not Provided | 2026-04-29 | 2026-05-04 |
| CVE-2026-22744 json | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for ... | Not Provided | 2026-03-27 | 2026-04-16 |
Known software with vulnerabilities from Vmware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Vmware | Ace | - |
| Application | Vmware | Ace 2 | - |
| Application | Vmware | Airwatch | 7.3.0.0 |
| Application | Vmware | Airwatch Console | 9.1.0.0 |
| Application | Vmware | Airwatch Launcher | 3.2.2 |
| Application | Vmware | App Volumes | 2.10 |
| Application | Vmware | Capacityiq | 1.0.0 |
| Application | Vmware | Capacity Planner | 2.6.2.22938 |
| Application | Vmware | Cloud Foundation | - |
| Application | Vmware | Consolidated Backup Framework | 1.5.0.2192 |
| Application | Vmware | Converter | 1.0.0 |
| Application | Vmware | Converter Enterprise Client | 4.0.3.62417 |
| Application | Vmware | Data Recovery | 1.2.0 |
| Operating System | Vmware | Esx | - |
| Operating System | Vmware | Esxi | 3.5 |
| Application | Vmware | Esx Server | - |
| Application | Vmware | Fusion | - |
| Application | Vmware | Fusion Pro | 8.0.0 |
| Application | Vmware | Gemfire | 9.7.0 |
| Application | Vmware | Gsx Server | - |