63 matches found
PraisonAI 信息泄露漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.115 contained an information leakage vulnerability. This vulnerability stemmed from a lack of authentication in the event flow server, which could lead to information leaks...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to inconsistent path pattern matching of reserved framework paths. An attacker can create unauthorized sessions and trigger framework initialization by accessing the /VAADIN endpoint without a trailing slash,...
com.flowingcode.vaadin.test:testbench-rpc (>=1.4.0 <=1.5.0), com.github.mcollovati.vertx:vaadin-flow-sockjs (>=14.0.0 <=14.0.13) +201 more potentially affected by CVE-2026-2741 via com.vaadin:flow-server (>=2.0.0 <=2.13.0)
com.vaadin:flow-server MAVEN version =2.0.0, =1.4.0, =14.0.0, =14.0.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.1 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518323...
ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +662 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=1.1.0 <=2.8.1)
com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=3.0.0 <=9.1.0)
com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.0 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...
com.vaadin:flow (>=1.0.0 <=1.0.19), com.vaadin:flow-client (>=1.0.0 <=1.0.19) +44 more potentially affected by CVE-2023-25499 via com.vaadin:flow-server (>=1.0.0 <=1.0.2)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.2, =2.0.1, =1.0.0, =6.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-25499 Source advisory: OSV:GHSA-5F9V-MV5G-JH5Q...
ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +664 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=1.1.0 <=2.9.2)
com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =0.1, =14.8, =3.7.0, =2.9.3, =1.0.0, =1.0.1 - com.flowingcode.vaadin.addons:zoomist-addon =1.0.0 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.1 <=1.1.2), com.beirtipol:jfixtools-reporting (=1.0-BETA) +129 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=3.0.0 <=9.1.10)
com.vaadin:flow-server MAVEN version =3.0.0, =1.0.1, =1.1.6, =15.0.0, =15.0.0, =3.2.3, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =9.1.10 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
com.vaadin:flow (>=1.0.0 <=1.0.20), com.vaadin:flow-client (>=1.0.0 <=1.0.20) +44 more potentially affected by CVE-2023-25500 via com.vaadin:flow-server (>=1.0.0 <=1.0.20)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.2, =2.0.1, =1.0.0, =6.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-25500 Source advisory: OSV:GHSA-CH48-9R3Q-PV7X...
ch.artaios:openchemlib-vaadin (>=1.0.0 <=3.0.0), ch.jubnl:vsecureflow (>=0.0.15 <=0.0.16) +647 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=1.1.0 <=2.6.1)
com.vaadin:flow-server MAVEN version =1.1.0, =1.0.0, =0.0.15, =2.1.1, =1.0.0, =1.0.0, =0.1, =1.0.0, =1.4.0, =0.1.0, =0.2.0 - com.github.jochenw.afw:afw-vdn =0.9.2 and more Source cves: CVE-2021-31412 Source advisory: OSV:GHSA-FR26-QJC8-MVJX...
com.vaadin:flow (>=1.0.0 <=1.0.14), com.vaadin:flow-client (>=1.0.0 <=1.0.14) +30 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=1.0.0 <=1.0.14)
com.vaadin:flow-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =10.0.13, =10.0.18 - com.vaadin:vaadin-board-flow =2.0.1 - com.vaadin:vaadin-button-flow =1.0.0 - com.vaadin:vaadin-charts-flow =6.0.1 - com.vaadin:vaadin-checkbox-flow...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-31412 Source advisory: OSV:GHSA-FR26-QJC8-MVJX...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...
com.alibaba.rsocket:alibaba-broker-server (>=1.0.0 <=1.0.0.RC4), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (>=0.1 <=14.1.4) +252 more potentially affected by CVE-2021-33604 via com.vaadin:flow-server (>=2.0.0 <=2.6.1)
com.vaadin:flow-server MAVEN version =2.0.0, =1.0.0, =0.1, =1.4.0, =1.0, =0.0.1, =14.0.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33604 Source advisory: OSV:GHSA-8VFW-V2JV-9HWC...
Information Disclosure
flow-server is vulnerable to information disclosure. Lack of validation and sanitization of path in the default RouteNotFoundError view allows an attacker to enumerate available routes via malicious HTTP requests...
Remote Code Execution (RCE)
flow-server is vulnerable to remote code execution. The vulnerability exists due to a the system not escaping the " character when passing request via DevModeHandlerImpl...
CVE-2021-33604
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser...
CVE-2021-31412
The CVE-2021-31412 entry describes an information-disclosure issue in Vaadin Flow Server’s default RouteNotFoundError view. The vulnerability arises from improper sanitization of the path, enabling a network attacker to enumerate all available routes when the application runs in production mode a...
vaadin:flow-server 输入验证错误漏洞
Vaadin flow is a software application.The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from improper path cleanup in the default RouteNotFoundError...
vaadin:flow-server 安全漏洞
Vaadin flow is a software application.The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from a URL encoding error in the development mode handler. T...