6 matches found
CVE-2026-2741
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
vaadin 安全漏洞
Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...
EUVD-2021-1309
Malware in sbrugna...
Vaadin Platform possible file bypass via upload validation on the server-side
Description When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
GHSA-C7V7-RQFM-F44J Vaadin Platform possible file bypass via upload validation on the server-side
Description When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 Vaadin 14.0.0 through 14.6.1, 3.0.0 through 6.0.9 Vaadin 15.0.0 through 19.0.8 allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. See CWE-172: Encoding Erro...