浏览 611+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40966 | VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration | VMware | Spring AI | Medium | 5.9 | 2026-04-28 06:42:37 | Deep Dive |
| CVE-2026-22750 | SSL bundle configuration silently bypassed in Spring Cloud Gateway | VMware | Spring Cloud Gateway | High | 7.5 | 2026-04-10 07:32:31 | Deep Dive |
| CVE-2026-22732 | Under Some Conditions Spring Security HTTP Headers Are not Written | VMware | Spring Security | Critical | 9.1 | 2026-03-19 22:47:38 | Deep Dive |
| CVE-2026-22729 | CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter | VMware | Spring AI | High | 8.6 | 2026-03-18 07:39:57 | Deep Dive |
| CVE-2026-22730 | CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter | VMware | Spring AI | High | 8.8 | 2026-03-18 07:36:31 | Deep Dive |
| CVE-2026-22717 | VMware Workstation out-of-bound read vulnerability | VMware | Workstation | Low | 2.7 | 2026-02-27 19:11:55 | Deep Dive |
| CVE-2026-22716 | VMware Workstation out-of-bounds write vulnerability | VMware | Workstation | Medium | 5.0 | 2026-02-27 19:01:44 | Deep Dive |
| CVE-2026-22722 | VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash | VMware | Workstation | Medium | 6.1 | 2026-02-26 18:35:21 | Deep Dive |
| CVE-2026-22715 | VMware Workstation/Fusion NAT vulnerability | VMware | Workstation | Medium | 5.9 | 2026-02-26 18:29:14 | Deep Dive |
| CVE-2026-22721 | VMware Aria Operations privilege escalation vulnerability | VMware | VMware Aria Operations | Medium | 6.2 | 2026-02-25 20:00:16 | Deep Dive |
| CVE-2026-22720 | VMware Aria Operations stored cross-site scripting vulnerability | VMware | VMware Aria Operations | High | 8.0 | 2026-02-25 19:33:15 | Deep Dive |
| CVE-2026-22719 | VMware Aria Operations command injection vulnerability | VMware | VMware Aria Operations | High | 8.1 | 2026-02-25 19:18:59 | Deep Dive |
| CVE-2026-2818 | Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific) | VMware | Spring Data Geode | High | 8.2 | 2026-02-20 16:03:21 | Deep Dive |
| CVE-2026-2817 | Spring Data Geode Insecure Temporary Directory Usage | VMware | Spring Data Geode | Medium | 4.4 | 2026-02-19 17:18:10 | Deep Dive |
| CVE-2025-41254 | Spring Framework STOMP CSRF Vulnerability | VMware | Spring Framework | Medium | 4.3 | 2025-10-16 14:48:37 | Deep Dive |
| CVE-2025-41253 | Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables | VMware | Spring Cloud Gateway Server Webflux | High | 7.5 | 2025-10-16 14:25:21 | Deep Dive |
| CVE-2025-41252 | Username enumeration vulnerability | VMware | NSX | High | 7.5 | 2025-09-29 19:02:07 | Deep Dive |
| CVE-2025-41251 | Weak password recovery vulnerability | vmware | NSX | High | 8.1 | 2025-09-29 18:45:17 | Deep Dive |
| CVE-2025-41250 | Header injection vulnerability | VMware | vCenter | High | 8.5 | 2025-09-29 17:44:28 | Deep Dive |
| CVE-2025-41245 | VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) | VMware | VMware Aria Operations | Medium | 4.9 | 2025-09-29 16:19:16 | Deep Dive |