Lucene search
K

9 matches found

vulnersOsv
vulnersOsv
added 2026/03/10 12:8 p.m.11 views

com.github.mcollovati:quarkus-hilla-commons-deployment (=25.0.0-beta1), com.github.mcollovati:quarkus-hilla-deployment (=25.0.0-beta1) +23 more potentially affected by CVE-2026-2741 via com.vaadin:flow-build-tools (>=25.0.0-rc1 <=25.0.2)

com.vaadin:flow-build-tools MAVEN version =25.0.0-rc1, =25.0.0, =25.0.0, =4.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.0, =25.0.14 - com.vaadin:gradle-plugin =25.0.13 and more Source cves: CVE-2026-2741 Source advisory: SNYK:JAVA-COMVAADIN-15518324...

6.8CVSS5.7AI score0.00342EPSS
Exploits0
Vaadin
Vaadin
added 2025/09/26 12:0 a.m.23 views

Vaadin Flow, Hilla and the September 2025 npm supply-chain attacks

Recently two major npm supply-chain attacks have been reported, raising concerns about the safety of the broader software ecosystem, including for Vaadin users. The first incident involved compromised maintainer accounts and malicious releases of widely used packages such as debug and chalk. The...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/04 12:45 p.m.4 views

Malicious code in hilla-components-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b10fa0be1901d7dc877afdf66a185a7450e3e75a9377cf32d1618128c64862a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/10/04 12:45 p.m.6 views

MAL-2024-9090 Malicious code in hilla-components-dependencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b10fa0be1901d7dc877afdf66a185a7450e3e75a9377cf32d1618128c64862a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/09/20 12:30 p.m.9 views

com.github.fmcejudo:quarkus-eureka (>=1.0.0 <=1.2.0), com.github.fmcejudo:quarkus-eureka-deployment (>=1.0.0 <=1.2.0) +72 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.0.0.Alpha1 <=3.2.5.Final)

io.quarkus:quarkus-undertow MAVEN version =3.0.0.Alpha1, =1.0.0, =1.0.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =2.0.0-alpha1, =24.4.0, =24.4.0, =1.0.0, =2.0.0, =2.0.0, =24.0.0, =24.8.3, =9.2.3, =0.23.0, =0.24.5 and more Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

8.1CVSS7.2AI score0.01215EPSS
Exploits1
Spring Security Advisories
Spring Security Advisories
added 2022/12/08 11:0 a.m.12 views

A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadins Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...

2.1AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2022/07/05 9:0 a.m.22 views

This Week in Spring - July 5th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! This weeks all sorts of weird for me. Its Tuesday! But here in the US we just celebrated the 4th of July, and I, like many Americans, took a long weekend. Took some time with the family to do a little road trip up north to...

7.1AI score
Exploits0
Vaadin
Vaadin
added 2022/04/01 12:0 a.m.83 views

Spring Core Remote Code Execution via Data Binding on JDK 9+

A remote code execution RCE vulnerability was discovered in the Spring framework, affecting at least Spring versions 4.x and 5.x. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE via data binding. The specific exploit requires the...

9.8CVSS0.6AI score0.99677EPSS
Exploits102References2
Openbugbounty
Openbugbounty
added 2021/10/28 3:49 p.m.6 views

hilla-holtmann.de Improper Access Control vulnerability OBB-2215319

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1AI score
Exploits0
Rows per page
Query Builder