Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

VMware — Vulnerabilities & Security Advisories 215

Browse all 215 CVE security advisories affecting VMware. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products VMware:WorkstationESXiVMware ESXiVMware Aria OperationsSALTWorkstation Pro/PlayervCenter ServerVMware vCenter Server (vCenter Server)VMware Aria Operations for LogsSpring FrameworkvRealize AutomationCloud FoundationAirwatch ConsoleVMware vCenter ServerVMware NSXVMware ToolsVMware Aria AutomationFusionVMware ESXi, Workstation, and FusionvRealize Operations for Horizon AdapterWorkstation and FusionVMware Enhanced Authentication Plug-in (EAP)VMware FusionAirwatch AgentVMware ESXi, Workstation, FusionVMware WorkstationSpring AIVMware Horizon Agent for LinuxvCenterSalt Project
CVE IDTitleCVSSSeverityPaused
CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway — Spring Cloud Gateway 7.5 High2026-04-10
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written — Spring Security 9.1 Critical2026-03-19
CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter — Spring AI 8.6 High2026-03-18
CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter — Spring AI 8.8 High2026-03-18
CVE-2026-22717 VMware Workstation out-of-bound read vulnerability — WorkstationCWE-125 2.7 Low2026-02-27
CVE-2026-22716 VMware Workstation out-of-bounds write vulnerability — WorkstationCWE-787 5.0 Medium2026-02-27
CVE-2026-22722 VMware Workstation for Windows null pointer dereference may allow an authenticated user to trigger a crash — WorkstationCWE-476 6.1 Medium2026-02-26
CVE-2026-22715 VMware Workstation/Fusion NAT vulnerability — Workstation 5.9 Medium2026-02-26
CVE-2026-22721 VMware Aria Operations privilege escalation vulnerability — VMware Aria OperationsCWE-269 6.2 Medium2026-02-25
CVE-2026-22720 VMware Aria Operations stored cross-site scripting vulnerability — VMware Aria OperationsCWE-79 8.0 High2026-02-25
CVE-2026-22719 VMware Aria Operations command injection vulnerability — VMware Aria Operations 8.1 High2026-02-25
CVE-2026-2818 Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific) — Spring Data GeodeCWE-23 8.2 High2026-02-20
CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage — Spring Data GeodeCWE-538 4.4 Medium2026-02-19
CVE-2025-41254 Spring Framework STOMP CSRF Vulnerability — Spring FrameworkCWE-352 4.3 Medium2025-10-16
CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables — Spring Cloud Gateway Server WebfluxCWE-917 7.5 High2025-10-16
CVE-2025-41252 Username enumeration vulnerability — NSXCWE-203 7.5 High2025-09-29
CVE-2025-41251 Weak password recovery vulnerability — NSXCWE-640 8.1 High2025-09-29
CVE-2025-41250 Header injection vulnerability — vCenterCWE-77 8.5 High2025-09-29
CVE-2025-41245 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) — VMware Aria OperationsCWE-1188 4.9 Medium2025-09-29
CVE-2025-41244 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) — VCF operationsCWE-267 7.8 High2025-09-29
CVE-2025-41246 Improper authorisation vulnerability — ToolsCWE-863 7.6 High2025-09-29
CVE-2025-41249 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability — Spring Framework 7.5 High2025-09-16
CVE-2025-41248 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types — Spring Security 7.5 High2025-09-16
CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers — Spring Framework 5.9 Medium2025-08-18
CVE-2025-41241 Denial-of-service vulnerability — vCenterCWE-754 4.4 Medium2025-07-29
CVE-2025-41240 Mounted Kubernetes Secrets under a predictable path located within the web server document root — bitnamicharts/appsmith 10.0 Critical2025-07-24
CVE-2025-22227 CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client — Reactor Netty 6.1 Medium2025-07-16
CVE-2025-41239 vSockets information-disclosure vulnerability — ESXiCWE-908 7.1 High2025-07-15
CVE-2025-41238 PVSCSI heap-overflow vulnerability — ESXiCWE-787 9.3 Critical2025-07-15
CVE-2025-41237 VMCI integer-underflow vulnerability — Cloud FoundationCWE-787 9.3 Critical2025-07-15

This page lists every published CVE security advisory associated with VMware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.