6 matches found

OSV
added 2026/03/10 6:18 p.m., 6 views

CVE-2026-2741

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVSS 2.3, AI score 5.8, EPSS 0.00342
Exploits 0, References 6
CNNVD
added 2026/03/10 12:0 a.m., 8 views

Vaadin security vulnerability

Vaadin is an open-source platform for web application development developed by Vaadin contributors. The Vaadin platform includes a set of web components, a Java web framework, as well as a set of tools and application starters. Vulnerabilities exist in Vaadin versions 14.14.0 and earlier, 23.6.6...

CVSS 6.8, AI score 5.9, EPSS 0.00342
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2021-1309

Malware in sbrugna...

CVSS 2.5, AI score 3.8, EPSS 0.00286
Exploits 0, References 6
Github Security Blog
added 2025/09/04 3:55 p.m., 12 views

Vaadin Platform possible file bypass via upload validation on the server-side

Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...

CVSS 5.3, AI score 7, EPSS 0.00358
Exploits 0, References 6, Affected Software 1
OSV
added 2025/09/04 3:55 p.m., 11 views

GHSA-C7V7-RQFM-F44J Vaadin Platform possible file bypass via upload validation on the server-side

Description: When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version...

CVSS 5.3, AI score 5.9, EPSS 0.00358
Exploits 0, References 6
Vaadin
added 2021/06/24 12:0 a.m., 35 views

Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser. See CWE-172: Encoding Erro...

CVSS 2.5, AI score 1.7, EPSS 0.00286
Exploits 0, References 1, Affected Software 2