Browse all 219 CVE security advisories affecting VMware. AI-powered Chinese analysis, POCs, and references for each vulnerability.
VMware operates as a leading provider of cloud computing and virtualization platforms, enabling enterprises to manage data centers and deploy software-defined infrastructure. With 219 recorded CVEs, its attack surface reflects the complexity of managing hypervisors and management interfaces. Historically, vulnerabilities have frequently involved remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or authentication bypasses in web-based management consoles. Notable incidents include critical flaws in vCenter Server and ESXi that allowed attackers to gain unauthorized administrative access or execute arbitrary commands on host systems. These exploits underscore the risks associated with centralized management tools, where a single compromise can impact entire virtualized environments. The high volume of vulnerabilities highlights the necessity for rigorous patch management and secure configuration practices to mitigate potential breaches in enterprise infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40966 | VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration — Spring AICWE-284 | 5.9 | Medium | 2026-04-28 |
| CVE-2026-22729 | CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter — Spring AI | 8.6 | High | 2026-03-18 |
| CVE-2026-22730 | CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter — Spring AI | 8.8 | High | 2026-03-18 |
This page lists every published CVE security advisory associated with VMware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.