9 matches found
com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +23 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)
com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.14 - com.vaadin:gradle-plugin =25.0.13 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...
Vaadin Flow, Hilla and the September 2025 npm supply-chain attacks
Recently two major npm supply-chain attacks have been reported, raising concerns about the safety of the broader software ecosystem, including for Vaadin users. The first incident involved compromised maintainer accounts and malicious releases of widely used packages such as debug and chalk. The...
Malicious code in hilla-components-dependencies (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b10fa0be1901d7dc877afdf66a185a7450e3e75a9377cf32d1618128c64862a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9090 Malicious code in hilla-components-dependencies (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b10fa0be1901d7dc877afdf66a185a7450e3e75a9377cf32d1618128c64862a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.github.fmcejudo:quarkus-eureka (>=1.0.0 <=1.2.0), com.github.fmcejudo:quarkus-eureka-deployment (>=1.0.0 <=1.2.0) +72 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.0.0.Alpha1 <=3.2.5.Final)
io.quarkus:quarkus-undertow MAVEN version =3.0.0.Alpha1, =1.0.0, =1.0.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =1.0.0, =2.0.0, =2.0.0, =24.0.0, =24.8.3, =9.2.3, =0.23.0, =0.24.5 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadins Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...
This Week in Spring - July 5th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This weeks all sorts of weird for me. Its Tuesday! But here in the US we just celebrated the 4th of July, and I, like many Americans, took a long weekend. Took some time with the family to do a little road trip up north to...
Spring Core Remote Code Execution via Data Binding on JDK 9+
A remote code execution RCE vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...
hilla-holtmann.de Improper Access Control vulnerability OBB-2215319
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...