These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-41856 is a HIGH severity vulnerability in Spring for GraphQL. The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime. Affected versions include S [truncated]
CVE-2026-47838 is a medium-severity vulnerability (CVSS Score: 6.8) affecting Spring Security versions 5.7.0 through 5.7.24, 5.8.0 through 5.8.26, 6.3.0 through 6.3.17, 6.4.0 through 6.4.17, and 6.5.0 through 6.5.10. The vulnerability is caused by the SubjectDnX509PrincipalExtractor not correctly handling certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the user [truncated]
CVE-2026-41845 is a high-severity vulnerability in the Spring Framework, a popular Java framework for building enterprise-level applications. The vulnerability has a CVSS score of 7.1 and is classified as HIGH. It was published on 2026-06-09T05:16:36.557Z and modified on 2026-06-11T16:12:37.023Z.
CVE-2026-41724 is a HIGH severity vulnerability in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views, or text-widgets may be able to inject scripts to perform administrative actions.
CVE-2026-41723 is a HIGH severity vulnerability in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations. The vulnerability has a CVSS score of 8 and was first published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-41723).
CVE-2026-41722 is a HIGH severity vulnerability in VMware Cloud Foundation Operations. A malicious actor with privileges to create policies, views, or text-widgets may be able to inject scripts to perform administrative actions.
A Time-of-check Time-of-use (TOCTOU) vulnerability in VMware Fusion allows local privilege escalation to root. The flaw exists in a SETUID binary operation, where a race condition between checking a resource's state and using it can be exploited by an attacker with local non-administrative access. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high impact across confidentiality, integ [truncated]
CVE-2026-22750 is recorded at [cve.org](https://www.cve.org/CVERecord?id=CVE-2026-22750) with a CVSS score of 7.5 and HIGH severity. The vulnerability affects Spring Cloud Gateway, specifically when configuring SSL bundles using the configuration property `spring.ssl.bundle`. The configuration was silently ignored, and the default SSL configuration was used instead. The CVE was modified on [cveMo [truncated]
CVE-2026-22742 describes a server-side request forgery (SSRF) issue in Spring AI's spring-ai-bedrock-converse component. When BedrockProxyChatModel processes multimodal messages that include user-supplied media URLs, insufficient validation can let an attacker cause the server to send HTTP requests to unintended destinations. The issue is rated HIGH with CVSS 8.6 and affects Spring AI versions from 1.0.0 [truncated]
CVE-2026-22738 is a critical Spring AI vulnerability in SimpleVectorStore. If an application uses user-supplied input as a filter expression key, a malicious actor may be able to trigger SpEL injection and execute arbitrary code. NVD lists this as CVSS 9.8, with network attack vector, no privileges required, and no user interaction.
CVE-2025-41239 is a high-severity information disclosure vulnerability in VMware vSockets caused by uninitialized memory in VMware ESXi, Workstation, Fusion, and VMware Tools. In the Rockwell Automation advisory, several VMware-dependent offerings are affected, including Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed Services (TDMS) with VMware [truncated]
CVE-2025-41238 is a critical VMware vulnerability affecting the Paravirtualized SCSI (PVSCSI) controller in ESXi, Workstation, and Fusion. According to the advisory corpus, successful exploitation can cause an out-of-bounds write and lead to code execution on the host. Rockwell Automation’s CSAF advisory maps the issue to multiple Rockwell offerings that use VMware components and directs customers to VMwa [truncated]
CVE-2025-22226 is a VMware information disclosure vulnerability affecting ESXi, Workstation, and Fusion. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-03-04, so defenders should treat it as an urgent remediation item rather than a routine patch task. The supplied corpus does not provide affected versions, a CVSS score, or a detailed attack path, so validation should start with the v [truncated]
CVE-2025-22225 is a VMware ESXi arbitrary write vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-03-04. The KEV entry marks it as having known ransomware campaign use, which makes it a high-priority remediation item for any organization running ESXi. CISA’s required action is to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discon [truncated]
CVE-2025-22224 is a VMware ESXi and Workstation time-of-check to time-of-use (TOCTOU) race condition vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-03-04. Because it is in KEV, defenders should treat it as a priority issue and follow vendor mitigation guidance and CISA’s required actions without delay.
CVE-2024-38813 is a VMware vCenter Server privilege escalation vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-11-20. The supplied timeline also shows a remediation due date of 2024-12-11. Because the source corpus provides limited technical detail, the safest response is to treat affected vCenter Server deployments as a high-priority exposure and follow vend [truncated]
CVE-2024-38812 is a VMware vCenter Server heap-based buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-11-20. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize vendor-directed mitigations or remediation immediately. CISA’s due date for remediation in the KEV catalog is 2024-12-11.
CVE-2024-37085 is a VMware ESXi authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-07-30. The KEV entry marks it as having known ransomware campaign use, which makes this a high-priority issue for any organization running ESXi. The supplied authoritative sources direct defenders to apply vendor mitigations or discontinue use of the product if mitigat [truncated]
CVE-2022-22948 is described as an incorrect default file permissions issue in VMware vCenter Server. CISA includes it in the Known Exploited Vulnerabilities catalog, so defenders should treat it as a priority remediation item and follow VMware's guidance without delay.
CVE-2023-34048 affects VMware vCenter Server and is described as an out-of-bounds write vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-01-22, with remediation due by 2024-02-12, so affected environments should treat it as a priority issue and follow vendor guidance promptly.
CVE-2023-20867 is an authentication bypass vulnerability in VMware Tools. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-06-23, which means it should be treated as a prioritized remediation item. The supplied corpus does not include exploit mechanics or affected-version details, so the safest response is to follow VMware’s update guidance and verify that VMware Tools is fully patched.
CVE-2023-20887 is a command injection vulnerability affecting VMware Aria Operations for Networks. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-06-22 and set a remediation due date of 2023-07-13, which makes this a high-priority issue for affected deployments.
CVE-2022-22947 is a VMware Spring Cloud Gateway code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-05-16. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize remediation using vendor guidance.
CVE-2022-22960 is a VMware Multiple Products privilege escalation vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-04-15. Because it is in KEV, defenders should treat it as a priority issue and apply VMware updates per vendor instructions as soon as possible.
CVE-2022-22954 is a VMware Workspace ONE Access and Identity Manager server-side template injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-04-14. Because it is confirmed in KEV and marked as having known ransomware campaign use, organizations running the affected VMware products should treat it as a high-priority remediation item and follow vendor update guida [truncated]
CVE-2022-22965 is a VMware Spring Framework remote code execution vulnerability affecting JDK 9+ environments. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-04-04, which indicates confirmed real-world exploitation and makes prompt remediation important.
CVE-2018-6961 is a VMware SD-WAN Edge by VeloCloud command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog. Because it is in the KEV catalog, defenders should treat it as actively exploited and prioritize vendor-guided remediation for any exposed VMware SD-WAN Edge deployments.
CVE-2021-21973 is a VMware vCenter Server and Cloud Foundation server-side request forgery (SSRF) vulnerability that CISA lists in the Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is not just that the issue exists, but that it is listed as known exploited and should be treated as a high-priority patching item. CISA’s KEV entry directs organizations to apply updates per vendor [truncated]
CVE-2021-21975 is a VMware server-side request forgery (SSRF) issue affecting the vRealize Operations Manager API. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-01-18 and marked it as having known ransomware campaign use. The listed required action is to apply updates per vendor instructions.
CVE-2021-22017 is an improper access control issue in VMware vCenter Server that CISA lists in its Known Exploited Vulnerabilities catalog. Because it is marked as known to be exploited, organizations running vCenter Server should treat it as a high-priority remediation item and apply VMware’s updates as soon as possible.
CVE-2021-22005 is a VMware vCenter Server file upload vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The public KEV record marks it as known exploited and notes known ransomware campaign use, which makes this a high-priority defensive issue. The KEV catalog entry also sets a remediation due date of 2021-11-17 and directs defenders to apply updates per vendor instructions.
CVE-2021-21985 is an improper input validation vulnerability in VMware vCenter Server. CISA lists it in the Known Exploited Vulnerabilities catalog and notes known ransomware campaign use, which raises the defensive priority for exposed or widely relied-on vCenter deployments. The practical response is to apply vendor updates per VMware guidance as soon as possible.
CVE-2021-21972 is a VMware vCenter Server remote code execution vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2021-11-03. CISA also marks it as associated with known ransomware campaign use, which makes this a high-priority remediation item for any environment running vCenter Server.
CVE-2020-4006 is a command injection vulnerability affecting multiple VMware products and is listed in CISA’s Known Exploited Vulnerabilities catalog, which makes it a clear defensive priority for organizations running VMware software. The official KEV entry directs defenders to apply updates per vendor instructions. Because the source corpus does not provide affected versions or product-specific details, [truncated]
CVE-2020-3992 is a VMware ESXi vulnerability in OpenSLP described by CISA as a use-after-free issue. It was added to the CISA Known Exploited Vulnerabilities catalog on 2021-11-03, indicating confirmed exploitation in the wild. CISA also marks it as having known ransomware campaign use, so ESXi environments should treat it as an urgent remediation item and follow VMware’s update guidance.
CVE-2020-3952 is a VMware vCenter Server information disclosure vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2021-11-03. Because it is in KEV, defenders should treat it as a high-priority remediation item and apply vendor updates per VMware instructions.
CVE-2020-3950 is a VMware Multiple Products privilege escalation vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Listing in KEV means CISA has evidence of exploitation in the wild, so organizations running VMware products should treat vendor updates as a priority and verify exposure quickly.
CVE-2019-5544 is a VMware OpenSLP heap-based buffer overflow affecting VMware ESXi and Horizon DaaS. CISA has listed it in the Known Exploited Vulnerabilities catalog, and the KEV entry indicates known ransomware campaign use. That combination makes it a high-priority remediation item for any exposed VMware environment.