
4 matches found

CVE
added 2026/03/10 12:8 p.m. · 5 views

CVE-2026-2742

Summary of CVE-2026-2742: Vaadin flow-server contains an authentication bypass via the /VAADIN endpoint when accessed without a trailing slash, allowing unauthenticated users to trigger framework initialization and create sessions. Affected products/versions include Vaadin 14.0.0–14.14.0, 23.0.0...

CVSS 5.3 · AI score 5.8 · EPSS 0.0037
Exploits: 0 · References: 7 · Affected Software: 1
Positive Technologies
added 2026/03/10 12:0 a.m. · 2 views

PT-2026-24206

Name of the Vulnerable Software and Affected Versions:
Vaadin versions 14.0.0 through 14.14.0
Vaadin versions 23.0.0 through 23.6.6
Vaadin versions 24.0.0 through 24.9.7
Vaadin versions 25.0.0 through 25.0.1
Description: An authentication bypass issue exists in applications using Spring Security...

CVSS 5.3 · AI score 5.8 · EPSS 0.0037
Exploits: 0 · References: 17
OSV
added 2019/07/23 1:15 p.m. · 0 views

UBUNTU-CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVSS 9.8 · AI score 7.3 · EPSS 0.92761
Exploits: 8 · References: 4
Positive Technologies
added 2014/02/25 12:0 a.m. · 1 views

PT-2019-7010 · Thoughtworks · Xstream Api

Name of the Vulnerable Software and Affected Versions:
Xstream API versions up to 1.4.6
Xstream API version 1.4.10
Description: The issue allows a remote attacker to execute arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, such as...

CVSS 9.8 · AI score 8.2 · EPSS 0.18767
Exploits: 5 · References: 34