35 matches found
Vaadin 25.x Authentication Bypass
An authentication bypass affects Vaadin versions 6.8.13, 14.x, 23.x, 24.x, and 25.x when used with Spring Security, due to inconsistent path pattern matching on reserved framework routes. Accessing the /VAADIN endpoint without a trailing slash can bypass security filters, allowing unauthenticated...
EUVD-2026-10496
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
GHSA-8JRH-7JG8-FVMV Vaadin: Specially crafted ZIP archives can escape the intended extraction directory
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
EUVD-2026-10499
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, in applications using Spring Security, due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, in applications using Spring Security, due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2741 Zip Slip Path Traversal on Node Unpack
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
Zip Slip Path Traversal on Node Unpack
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. See CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Pat...
com.vaadin:vaadin (>=24.9.0 <=24.9.18) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.6)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.18 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
com.vaadin:vaadin (>=24.7.0 <=24.10.7) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.7 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...
ca.qc.ircm:plate-layout (=0.8), com.github.ilgun:expandingtextarea (=2.0) +107 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-server (>=8.0.0 <=8.2.1)
com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.9, =1.0.9, =1.1.8, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.5 and more Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860883...
com.vaadin:vaadin (>=24.7.0 <=24.10.7) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)
com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.7 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...
PT-2026-1225
Name of the Vulnerable Software and Affected Versions: Vaadin versions 7.0.0 through 7.7.49; Vaadin versions 8.0.0 through 8.29.1; Vaadin versions 23.1.0 through 23.6.5; Vaadin versions 24.0.0 through 24.8.13; Vaadin versions 24.9.0 through 24.9.6. Description: The application allows HTML in action...
EUVD-2021-2248
Malware in sbrugna...
EUVD-2021-1386
Malware in sbrugna...
EUVD-2021-1147
Malware in sbrugna...
EUVD-2021-0784
Malware in sbrugna...
EUVD-2021-0750
Malware in sbrugna...
EUVD-2021-0890
Malware in sbrugna...
EUVD-2021-0873
Malware in sbrugna...
EUVD-2021-1033
Malware in sbrugna...