{"resultsPerPage":5,"startIndex":0,"totalResults":5,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-14T03:03:02.804","vulnerabilities":[{"cve":{"id":"CVE-2026-41696","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:50.800","lastModified":"2026-06-22T12:25:29.293","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.\n\nAffected versions:\nSpring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data MongoDB","defaultStatus":"unaffected","versions":[{"version":"5.0.0","lessThan":"5.0.6","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.12","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.2.0","lessThan":"4.2.16","versionType":"custom","status":"affected"},{"version":"4.1.0","lessThan":"4.1.15","versionType":"custom","status":"affected"},{"version":"4.0.0","lessThan":"4.0.16","versionType":"custom","status":"affected"},{"version":"3.4.0","lessThan":"3.4.20","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T17:52:05.245642Z","id":"CVE-2026-41696","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndIncluding":"3.4.19","matchCriteriaId":"24E63679-8070-4DE5-97D7-255785C74EC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.15","matchCriteriaId":"1BEBCD2A-409F-4DEF-AF40-9EEC62A099C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndIncluding":"4.1.14","matchCriteriaId":"A5820FCC-F941-4399-B2B9-EDC5EE3F6953"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.2.15","matchCriteriaId":"67E36C20-FF20-4F82-B161-74E3838D67FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.3.16","matchCriteriaId":"7F4E6193-BF09-4103-9020-27B836CFC122"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndIncluding":"4.4.11","matchCriteriaId":"DD43FC80-BB33-4C1E-89CA-0FCE6AEF8901"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.5.11","matchCriteriaId":"048DA51D-F7AA-4A9B-9E12-23625CB26D0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_mongodb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.0.5","matchCriteriaId":"4172C445-67E9-40E6-80A1-94D8997D4435"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41696","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41729","sourceIdentifier":"security@vmware.com","published":"2026-06-10T00:16:52.367","lastModified":"2026-06-22T12:10:33.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation.\n\nAffected versions:\nSpring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5."}],"affected":[{"source":"security@vmware.com","affectedData":[{"vendor":"Spring","product":"Spring Data REST","defaultStatus":"unaffected","versions":[{"version":"3.7.0","lessThan":"3.7.20","versionType":"custom","status":"affected"},{"version":"4.3.0","lessThan":"4.3.17","versionType":"custom","status":"affected"},{"version":"4.4.0","lessThan":"4.4.15","versionType":"custom","status":"affected"},{"version":"4.5.0","lessThan":"4.5.12","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.0.6","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T00:00:00+00:00","id":"CVE-2026-41729","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndIncluding":"3.7.19","matchCriteriaId":"2FFE338E-51AF-4B1D-87C1-88EDC13467A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndIncluding":"4.3.16","matchCriteriaId":"6A6EE920-6058-40E5-B05F-F3E6ED4AE5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndIncluding":"4.4.14","matchCriteriaId":"E27C29C8-A46E-4670-B6B1-E18121A3420D"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.5.11","matchCriteriaId":"E6C268EB-C017-42FF-AAAA-8EB641C24304"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_data_rest:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.0.5","matchCriteriaId":"D748F371-708C-4F21-BA47-3C5F4AF583C9"}]}]}],"references":[{"url":"https://spring.io/security/cve-2026-41729","source":"security@vmware.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20246","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T17:16:43.423","lastModified":"2026-06-22T13:24:17.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Umbrella Insights Virtual Appliance","defaultStatus":"unknown","versions":[{"version":"2.6.0","status":"affected"},{"version":"2.5.6","status":"affected"},{"version":"2.5","status":"affected"},{"version":"2.4.12","status":"affected"},{"version":"2.7","status":"affected"},{"version":"2.6.2","status":"affected"},{"version":"2.5.5","status":"affected"},{"version":"2.5.4","status":"affected"},{"version":"2.8","status":"affected"},{"version":"2.6.1","status":"affected"},{"version":"2.5.7","status":"affected"},{"version":"1.5.4","status":"affected"},{"version":"1.5.5","status":"affected"},{"version":"1.5.6","status":"affected"},{"version":"2.0.0","status":"affected"},{"version":"2.0.2","status":"affected"},{"version":"2.0.3","status":"affected"},{"version":"2.1.0","status":"affected"},{"version":"2.1.2","status":"affected"},{"version":"2.1.4","status":"affected"},{"version":"2.1.5","status":"affected"},{"version":"2.2","status":"affected"},{"version":"2.2.1","status":"affected"},{"version":"2.3","status":"affected"},{"version":"2.3.1","status":"affected"},{"version":"2.4","status":"affected"},{"version":"2.4.4","status":"affected"},{"version":"2.4.6","status":"affected"},{"version":"2.8.9","status":"affected"},{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"},{"version":"2.8.1","status":"affected"},{"version":"2.8.2","status":"affected"},{"version":"2.8.3","status":"affected"},{"version":"2.8.4","status":"affected"},{"version":"2.8.5","status":"affected"},{"version":"3.0.1","status":"affected"},{"version":"3.0.2","status":"affected"},{"version":"3.0.4","status":"affected"},{"version":"3.0.5","status":"affected"},{"version":"3.1.1","status":"affected"},{"version":"3.1.2","status":"affected"},{"version":"3.1.3","status":"affected"},{"version":"3.1.4","status":"affected"},{"version":"3.2.1","status":"affected"},{"version":"3.2.2","status":"affected"},{"version":"3.2.3","status":"affected"},{"version":"3.3","status":"affected"},{"version":"3.3.1","status":"affected"},{"version":"3.3.2","status":"affected"},{"version":"3.3.3","status":"affected"},{"version":"3.3.4","status":"affected"},{"version":"3.4","status":"affected"},{"version":"3.4.1","status":"affected"},{"version":"3.4.2","status":"affected"},{"version":"3.4.3","status":"affected"},{"version":"3.4.4","status":"affected"},{"version":"3.4.5","status":"affected"},{"version":"3.4.6","status":"affected"},{"version":"3.5","status":"affected"},{"version":"2.7.1","status":"affected"},{"version":"2.7.2","status":"affected"},{"version":"2.7.6","status":"affected"},{"version":"2.7.9","status":"affected"},{"version":"2.7.10","status":"affected"},{"version":"3.5.1","status":"affected"},{"version":"3.5.2","status":"affected"},{"version":"3.6.1","status":"affected"},{"version":"3.6.2","status":"affected"},{"version":"3.7","status":"affected"},{"version":"3.7.1","status":"affected"},{"version":"3.8.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:15:44.900787Z","id":"CVE-2026-20246","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:umbrella_virtual_appliance:*:*:*:*:*:*:*:*","versionEndExcluding":"3.8.5","matchCriteriaId":"747DFEB4-0F17-4600-8E22-ECB545A12EE8"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20265","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T18:17:40.600","lastModified":"2026-06-22T12:46:06.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.  \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent  requests to approved external domains."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Splunk","product":"Splunk AI Toolkit","versions":[{"version":"5.7","lessThan":"5.7.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:04:24.981105Z","id":"CVE-2026-20265","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:ai_toolkit:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.4","matchCriteriaId":"433FFA09-42E8-4DB0-8677-0357A6458FA4"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0613","source":"psirt@cisco.com","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-20266","sourceIdentifier":"psirt@cisco.com","published":"2026-06-17T18:17:40.900","lastModified":"2026-06-22T12:48:37.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Splunk AI Toolkit versions below 5.7.4, a user who holds the \"admin\" Splunk role could execute arbitrary OS commands on the host running the Splunk Enterprise instance.  \n\nThe vulnerability is possible because of an unsafe shell execution pattern in the btool configuration helper, which constructs OS command strings from dynamic parameters without disabling shell interpretation."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Splunk","product":"Splunk AI Toolkit","versions":[{"version":"5.7","lessThan":"5.7.4","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:03:52.980872Z","id":"CVE-2026-20266","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:ai_toolkit:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.4","matchCriteriaId":"433FFA09-42E8-4DB0-8677-0357A6458FA4"}]}]}],"references":[{"url":"https://advisory.splunk.com/advisories/SVD-2026-0614","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}