Known Vulnerabilities for products from Vmware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Vmware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41713 json | A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended ... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41712 json | Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unint... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2026-41705 json | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized docu... | Not Provided | 2026-05-09 | 2026-05-12 |
| CVE-2026-41702 json | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SET... | Not Provided | 2026-05-15 | 2026-05-18 |
| CVE-2026-41004 json | When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring ... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-41002 json | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositorie... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40982 json | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server modul... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40981 json | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config ... | Not Provided | 2026-05-07 | 2026-05-12 |
| CVE-2026-40980 json | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40979 json | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Sp... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40978 json | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafte... | Not Provided | 2026-04-28 | 2026-04-29 |
| CVE-2026-40977 json | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's loc... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40976 json | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. Fo... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40975 json | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${r... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40974 json | Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cass... | Not Provided | 2026-04-28 | 2026-05-14 |
| CVE-2026-40973 json | A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. ... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40972 json | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information abou... | Not Provided | 2026-04-28 | 2026-04-30 |
| CVE-2026-40971 json | When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when c... | Not Provided | 2026-04-27 | 2026-05-14 |
| CVE-2026-40970 json | When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification w... | Not Provided | 2026-04-27 | 2026-05-14 |
| CVE-2026-40969 json | The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC sta... | Not Provided | 2026-04-28 | 2026-04-30 |
Known software with vulnerabilities from Vmware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Vmware | Ace | - |
| Application | Vmware | Ace 2 | - |
| Application | Vmware | Airwatch | 7.3.0.0 |
| Application | Vmware | Airwatch Console | 9.1.0.0 |
| Application | Vmware | Airwatch Launcher | 3.2.2 |
| Application | Vmware | App Volumes | 2.10 |
| Application | Vmware | Capacityiq | 1.0.0 |
| Application | Vmware | Capacity Planner | 2.6.2.22938 |
| Application | Vmware | Cloud Foundation | - |
| Application | Vmware | Consolidated Backup Framework | 1.5.0.2192 |
| Application | Vmware | Converter | 1.0.0 |
| Application | Vmware | Converter Enterprise Client | 4.0.3.62417 |
| Application | Vmware | Data Recovery | 1.2.0 |
| Operating System | Vmware | Esx | - |
| Operating System | Vmware | Esxi | 3.5 |
| Application | Vmware | Esx Server | - |
| Application | Vmware | Fusion | - |
| Application | Vmware | Fusion Pro | 8.0.0 |
| Application | Vmware | Gemfire | 9.7.0 |
| Application | Vmware | Gsx Server | - |