2 matches found
CVE-2025-41242
CVE-2025-41242 is a path traversal vulnerability in Spring Framework MVC when deployed on a non‑compliant Servlet container. An app is at risk if it is WAR‑deployed or uses an embedded container, the container does not reject suspicious URI sequences, and the app serves static resources via Sprin...
Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 through 2.4.7 Vaadin 12.0.0 through 14.4.9, and 6.0.0 through 6.0.1 Vaadin 19.0.0 allows attacker to access application classes and resources on the server via crafted HTTP request. See CWE-402: Transmission of Private...