
35 matches found

Packet Storm
added 2026/04/09 12:0 a.m., 103 views

📄 Vaadin 25.x Authentication Bypass

An authentication bypass affects Vaadin versions 6.8.13, 14.x, 23.x, 24.x, and 25.x when used with Spring Security, due to inconsistent path pattern matching on reserved framework routes. Accessing the /VAADIN endpoint without a trailing slash can bypass security filters, allowing unauthenticated...

AI score 5.9
Exploits 0

EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2026-10496

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVSS 2.3, AI score 5.8, EPSS 0.00342
Exploits 0, References 7

OSV
added 2026/03/10 6:31 p.m., 2 views

GHSA-8JRH-7JG8-FVMV Vaadin: Specially crafted ZIP archives can escape the intended extraction directory

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVSS 2.3, AI score 5.8, EPSS 0.00342
Exploits 0, References 8

EUVD
added 2026/03/10 6:31 p.m., 3 views

EUVD-2026-10499

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...

CVSS 5.3, AI score 5.8, EPSS 0.00391
Exploits 0, References 8

ATTACKERKB
added 2026/03/10 12:8 p.m., 6 views

CVE-2026-2742

An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...

CVSS 5.3, AI score 5.8, EPSS 0.00391
Exploits 0, References 8, Affected Software 2

Cvelist
added 2026/03/10 12:8 p.m., 27 views

CVE-2026-2741 Zip Slip Path Traversal on Node Unpack

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

CVSS 2.3, EPSS 0.00342
Exploits 0, References 6

Vaadin
added 2026/03/10 12:0 a.m., 14 views

Zip Slip Path Traversal on Node Unpack

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. See CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Pat...

CVSS 6.8, AI score 5.8, EPSS 0.00342
Exploits 0, Affected Software 3

vulnersOsv
added 2026/01/05 9:30 a.m., 7 views

com.vaadin:vaadin (>=24.9.0 <=24.9.18) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.9.0 <=24.9.6)

com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.9.0, =24.9.0, =24.9.18 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...

CVSS 4.8, AI score 5.7, EPSS 0.00327
Exploits 0

vulnersOsv
added 2026/01/05 9:30 a.m., 7 views

com.vaadin:vaadin (>=24.7.0 <=24.10.7) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)

com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.7 Source cves: CVE-2025-15022 Source advisory: OSV:GHSA-7WWV-79XW-RVVG...

CVSS 4.8, AI score 5.7, EPSS 0.00327
Exploits 0

vulnersOsv
added 2026/01/05 8:40 a.m., 7 views

ca.qc.ircm:plate-layout (=0.8), com.github.ilgun:expandingtextarea (=2.0) +107 more potentially affected by CVE-2025-15022 via com.vaadin:vaadin-server (>=8.0.0 <=8.2.1)

com.vaadin:vaadin-server MAVEN version =8.0.0, =1.0.0, =1.0.0, =1.1.20, =1.0.9, =1.0.9, =1.1.8, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.5 and more Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860883...

CVSS 4.8, AI score 5.8, EPSS 0.00327
Exploits 0

vulnersOsv
added 2026/01/05 8:40 a.m., 6 views

com.vaadin:vaadin (>=24.7.0 <=24.10.7) potentially affected by CVE-2025-15022 via com.vaadin:vaadin-spreadsheet-flow (>=24.10.0-beta1 <=24.8.13)

com.vaadin:vaadin-spreadsheet-flow MAVEN version =24.10.0-beta1, =24.7.0, =24.10.7 Source cves: CVE-2025-15022 Source advisory: SNYK:JAVA-COMVAADIN-14860869...

CVSS 4.8, AI score 5.7, EPSS 0.00327
Exploits 0

Positive Technologies
added 2026/01/05 12:0 a.m., 5 views

PT-2026-1225

Name of the Vulnerable Software and Affected Versions: Vaadin versions 7.0.0 through 7.7.49; Vaadin versions 8.0.0 through 8.29.1; Vaadin versions 23.1.0 through 23.6.5; Vaadin versions 24.0.0 through 24.8.13; Vaadin versions 24.9.0 through 24.9.6. Description: The application allows HTML in action...

CVSS 4.8, AI score 5.9, EPSS 0.00327
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-2248

Malware in sbrugna...

CVSS 4.3, AI score 4.6, EPSS 0.00915
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1386

Malware in sbrugna...

CVSS 5.3, AI score 5.3, EPSS 0.01318
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-1147

Malware in sbrugna...

CVSS 7.8, AI score 7.5, EPSS 0.00231
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0784

Malware in sbrugna...

CVSS 4, AI score 4, EPSS 0.00306
Exploits 0, References 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0750

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.01956
Exploits 1, References 6

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-0890

Malware in sbrugna...

CVSS 4, AI score 4.1, EPSS 0.0021
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-0873

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.00668
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-1033

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.01672
Exploits 0, References 6